Skip to content
Skip to search
Skip to footer

Traffic Mirroring Configuration Guide for Cisco 8000 Series Routers, Cisco IOS XR Release

ERSPAN rate-limit per destination

Updated: February 5, 2026

On this page

Overview

Benefits

Configuration guidelines for ERSPAN rate-limit per destination

ERSPAN rate-limit per destination configuration guidelines

Restrictions for ERSPAN rate-limit per destination

ERSPAN rate-limit per destination restrictions

Configure ERSPAN rate-limit per destination

Overview

This section explains how to apply rate limits per source NPU to control the volume of mirrored traffic sent to ERSPAN destinations.

ERSPAN rate-limit per destination is an ERSPAN (Encapsulated Remote SPAN) feature that controls the amount of mirrored traffic sent to ERSPAN destinations by applying a rate-limit per source NPU.

Table 1. Feature History Table
Feature Name	Release Information	Description
ERSPAN rate-limit per destination	Release 25.3.1	Introduced in this release on: Fixed Systems (8200 [ASIC: Q100, Q200, P100], 8700 [ASIC: P100, K100], 8010 [ASIC: A100]); Centralized Systems (8600 [ASIC: Q200]); Modular Systems (8800 [LC ASIC: Q100, Q200, P100]) You can now control the amount of mirrored traffic sent to ERSPAN destinations by applying a rate-limit per source NPU. This helps prevent network congestion and optimize resource usage. The feature introduces these changes. CLI: The rate-limit value keyword is introduced in the monitor-session command. Yang Data Model: New Xpaths for `Cisco-IOS-XR-um-monitor-session-cfg.yang` New Xpaths for `Cisco-IOS-XR-Ethernet-SPAN-cfg.yang`

Benefits

The ERSPAN rate-limit per destination feature offers these advantages:

Allows you to apply rate-limiting directly to SPAN mirrored traffic.
Streamlines configuration with a single command by using monitor-session session-name rate-limit value command.
Provides enhanced control over the amount of mirrored traffic.
Improves monitoring capabilities by delivering per-session statistics.
Simplifies tracking of mirrored traffic and aiding troubleshooting of network monitoring issues.

Configuration guidelines for ERSPAN rate-limit per destination

ERSPAN rate-limit per destination configuration guidelines

You can only apply the rate-limit to ERSPAN destinations. These destinations use tunnel interfaces. The system rejects configurations for local SPAN, which uses physical interfaces.
Cisco IOS XR Release 25.3.1 supports rate-limit in kilobits per second (kbps). The supported values range from 40000 kbps (40 Mbps) as the minimum to 40000000 kbps (40 Gbps) as the maximum.
The system applies the configured rate-limit per ingress NPU. An NPU can host multiple source interfaces.
The effective rate-limit scales with the number of NPUs that contain source interfaces for a given session. This means the actual rate-limit can be higher than the configured value.

For example, if you configure 200 kbps on a system with 48 NPUs:
- If only one NPU has SPAN source interfaces, the rate-limit is 200 kbps.
- If two NPUs each have SPAN source interfaces, the rate-limit is 400 kbps.
- If all 48 NPUs have SPAN source interfaces, the rate-limit scales to 9600 kbps.
Do not configure rate-limiting with drops or protocol-capture options. The system rejects such configurations.

Restrictions for ERSPAN rate-limit per destination

ERSPAN rate-limit per destination restrictions

Rate-limit applies only to ERSPAN (mirroring over GRE tunnel), not supported for local SPAN (mirroring over a physical interface).
Rate-limit configuration is supported only for tunnel interfaces and rejected for Local SPAN (non-tunnel interfaces).
Rate-limiting applies only to transient (forwarded) traffic. It does not support packet drops, for-us packets, or locally sourced packets.
The system provides per-session counters. It does not provide per-interface or per-direction statistics.

Configure ERSPAN rate-limit per destination

Use this procedure to configure the rate-limit per destination for ERSPAN.

Procedure

	1.	Start a monitor session by using the monitor-session ERSPAN ethernet command. Example: `Router# configure Router(config-if)# monitor-session ERSPAN ethernet !`
	2.	Apply the rate-limit for the selected destination. Example: `Router(config-if)# destination interface tunnel-ip100 rate-limit 200kpbs` The rate-limit of `200kpbs` is applied for the destination interface `tunnel-ip100`.
	3.	Verify the configuration. Example: `Router# show monitor-session ERSPAN ethernet status detail Monitor-session FOO Destination interface tunnel-ip100 rate-limit: 200kpbs per NPU Source Interfaces ----------------- TenGigE0/6/0/4/0 Direction: Both Port level: True ACL match: Disabled`
	4.	To display statistics related information, such as the source interfaces and the replicated packet statistics for that interface, use the show monitor-session counters per-session command. Example: `Router# show monitor-session foo counters per-session Monitor session foo GigabitEthernet 0/3/0/0.100: Rx Replicated: 100 Packets 8000 Bytes Tx Replicated: 2 Packets 3000 Bytes Non Replicated: 0 Packets 0 Bytes Per-session counters: Monitor-session foo Total replicated: 45 packets, 3600 octets Non-replicated: 0 packets, 0 octets` Note With a rate-limit applied, counters are availbale at a session level, rather than per source interface.

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.