Traffic Mirroring Configuration Guide for Cisco 8000 Series Routers, Cisco IOS XR Release

ERSPAN rate limit

Updated: February 5, 2026

Overview

This section explains how the ERSPAN rate limit feature prevents network congestion by controlling the amount of mirrored traffic sent to destinations.

ERSPAN rate limit is a traffic mirroring feature that

  • controls the amount of mirrored traffic sent to an ERSPAN destination over a network

  • enables you to monitor traffic flow through any IP network, including third-party switches and routers

  • prevents network congestion, and

  • ensures ERSPAN traffic avoids overloading the network infrastructure.

Table 1. Feature History Table

Feature Name: ERSPAN rate limit
Release Information: Release 25.1.1
Description: Introduced in this release on: Fixed Systems (8700 [ASIC: K100], 8010 [ASIC: A100])

This feature is now supported on:

  • 8712-MOD-M

  • 8011-4G24Y4H-I

Feature Name: ERSPAN rate limit
Release Information: Release 24.4.1
Description: Introduced in this release on: Fixed Systems (8200, 8700) (select variants only*); Modular Systems (8800 [LC ASIC: P100]) (select variants only*).

This feature helps you monitor traffic flow through any IP network, including third-party switches and routers, by providing rate limiting of the mirroring traffic.

*This feature is now supported on:

  • 8212-48FH-M

  • 8711-32FH-M

  • 8712-MOD-M

  • 88-LC1-12TH24FH-E

  • 88-LC1-52Y8H-EM

  • 88-LC1-36EH

Benefits

The ERSPAN rate limit feature offers these advantages:

  • Limits mirrored traffic to prevent network congestion.

  • Enables the use of mirrored traffic for data analysis without overwhelming resources.

  • Supports traffic monitoring across various network devices.


Configuration guidelines and restrictions for ERSPAN rate limit

ERSPAN rate limit configuration guidelines

Consider these guidelines for using ERSPAN rate limit effectively:

  • Configure the rate limit to prevent exceeding network capacity.

  • Monitor traffic flow through any IP network to ensure compatibility with third-party devices.

  • Set Quality of Service (QoS) parameters, Traffic Class (0 to 7), on the traffic monitor session to prioritize traffic.

    Note

    Traffic class 0 has the lowest priority and class 7 has the highest. The default traffic class remains the same as the original traffic class.

  • Intermediate switches carrying ERSPAN traffic from source session to termination session can belong to any Layer 3 network.

  • The ERSPAN rate limit feature is applied on router interfaces to manage monitored traffic.

ERSPAN rate limit restrictions

These restrictions apply to ERSPAN rate limit:

  • Exceeding the rate limit may result in the router capping or dropping monitored traffic.

  • ERSPAN operates in source and destination sessions, requiring careful configuration to avoid data loss.


How ERSPAN rate limit works

Summary

ERSPAN rate limit operates by encapsulating packets in ARPA or IP format using GRE encapsulation.

The key components involved in ERSPAN are:

  • ERSPAN source session: The box where the traffic originates or is SPANned.

  • ERSPAN termination session or destination session: The box where the traffic is analyzed.

Workflow

Figure 1. Topology for ERSPAN rate limit

These stages describe how ERSPAN rate limit works:

  • The router sends GRE tunneled packets to a destination that is identified by an IP address.

  • At the destination, SPAN-ASIC decodes and forwards the packets through a port.

  • The router analyzes the traffic received at the destination.

Result

The ERSPAN rate limit process results in efficiently managing network traffic by controlling the amount of mirrored traffic sent to a destination.
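
Because a capped session drops mirrored packets, a collector at the destination may want to measure how much of the mirror it is missing. The following is an added example, not Cisco code: it assumes the collector receives ERSPAN Type II framing (GRE protocol type 0x88BE with the sequence-number bit set), which this page does not state, and the function names and sample packets are constructed for illustration.

```python
import struct

GRE_PROTO_ERSPAN_II = 0x88BE   # GRE protocol type carried by ERSPAN Type II (assumed framing)
S_BIT, K_BIT, C_BIT = 0x1000, 0x2000, 0x8000   # GRE sequence, key, checksum flags

def parse_erspan(gre: bytes):
    """Return (session_id, seq) from a GRE payload, or None when the S bit is
    clear and the packet carries no sequence number to measure loss with."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", gre[:4])
    if proto != GRE_PROTO_ERSPAN_II:
        raise ValueError(f"unexpected GRE protocol 0x{proto:04x}")
    if not flags & S_BIT:
        return None
    off = 4 + (4 if flags & C_BIT else 0) + (4 if flags & K_BIT else 0)
    if len(gre) < off + 12:               # 4-byte sequence + 8-byte ERSPAN header
        raise ValueError("truncated ERSPAN header")
    seq, word1 = struct.unpack("!II", gre[off:off + 8])
    if word1 >> 28 != 1:                  # version field: 1 means Type II
        raise ValueError("not an ERSPAN Type II header")
    return word1 & 0x3FF, seq             # session ID is the low 10 bits

def missing_per_session(packets):
    """Count sequence numbers never seen, per ERSPAN session ID."""
    last, missing = {}, {}
    for gre in packets:
        parsed = parse_erspan(gre)
        if parsed is None:
            continue
        sid, seq = parsed
        if sid in last:
            delta = (seq - last[sid]) & 0xFFFFFFFF     # tolerate 32-bit wrap
            if not 0 < delta < 0x80000000:
                continue                               # duplicate or reordered
            missing[sid] += delta - 1
        else:
            missing[sid] = 0
        last[sid] = seq
    return missing

def build(sid, seq):
    """Constructed test packet: GRE (S bit) + ERSPAN II header + dummy frame."""
    return struct.pack("!HHIII", S_BIT, GRE_PROTO_ERSPAN_II, seq,
                       (1 << 28) | sid, 0) + bytes(14)

# Constructed capture: session 7 loses sequences 4-6; session 9 wraps and loses 0.
CAPTURE = [build(7, s) for s in (1, 2, 3, 7, 8)] + \
          [build(9, s) for s in (0xFFFFFFFE, 0xFFFFFFFF, 1)]
```

A gap only shows loss that happened after the source stamped the sequence number; whether this platform's rate limiter drops before or after that point is not stated on this page, so treat a clean count as inconclusive.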


Configure ERSPAN rate limit

Use this procedure to configure the rate limit for ERSPAN.

Procedure

1. Start a monitor session by using the monitor-session ERSPAN ethernet command.

Example:

Router# configure
Router(config)# monitor-session ERSPAN ethernet
!
2. Set the destination interface.

Example:

Router(config-mon)# destination interface tunnel-ip100

Sets the destination interface as tunnel-ip100.
3. Configure the interface with the necessary IP address and tunnel mode.

Example:

Router(config)# interface tunnel-ip1
Router(config-if)# ipv4 address 4.4.4.1 255.255.255.0
Router(config-if)# tunnel mode gre ipv4
Router(config-if)# tunnel source 20.1.1.1
Router(config-if)# tunnel destination 20.1.1.2
4. Install the policy-map on the appropriate interface to manage traffic in the ingress direction.

Example:

Router# configure
Router(config)# interface HundredGigE0/0/0/16
Router(config-if)# ipv4 address 4.4.4.1 255.255.255.0
Router(config-if)# ipv6 address 3001::2/64
Router(config-if)# monitor-session ERSPAN ethernet direction rx-only port-level
acl
!
5. Verify the configuration.

Example:

Router#show monitor-session FOO status detail
Monitor-session FOO
Destination interface tunnel-ip100
Source Interfaces
-----------------
TenGigE0/6/0/4/0
Direction: Both
Port level: True
ACL match: Disabled
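
A mirror session copies traffic off the router, so the verification output is worth checking against what was meant to be configured rather than only eyeballing it. The following is an added example, not Cisco code: it parses the output quoted above and compares it with a hypothetical approved baseline built from the configuration steps on this page; the function names and the baseline layout are assumptions.

```python
import re

# Verification output quoted from this page, embedded as sample input.
STATUS = """\
Router#show monitor-session FOO status detail
Monitor-session FOO
Destination interface tunnel-ip100
Source Interfaces
-----------------
TenGigE0/6/0/4/0
Direction: Both
Port level: True
ACL match: Disabled
"""

def parse_status(text):  # one session's 'status detail' block -> dict
    sess = {"name": None, "destination": None, "sources": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "#" in line or set(line) == {"-"} or line == "Source Interfaces":
            continue                      # blank, prompt, rule and heading lines
        if m := re.fullmatch(r"Monitor-session (\S+)", line):
            sess["name"] = m.group(1)
        elif m := re.fullmatch(r"Destination interface (\S+)", line):
            sess["destination"] = m.group(1)
        elif ":" in line and current:     # attribute of the current source interface
            key, value = line.split(":", 1)
            sess["sources"][current][key.strip()] = value.strip()
        else:                             # a new source interface name
            current = line
            sess["sources"][current] = {}
    return sess

def audit(sess, approved):  # returns a list of findings, empty when compliant
    findings = []
    for key in ("name", "destination"):
        if sess[key] != approved[key]:
            findings.append(f"unexpected {key} {sess[key]}")
    for intf, attrs in sess["sources"].items():
        if intf not in approved["sources"]:
            findings.append(f"unapproved source interface {intf}")
        if attrs.get("Direction") == "Both" and not approved["allow_tx"]:
            findings.append(f"{intf} mirrors both directions, rx-only intended")
    return findings

# Hypothetical baseline taken from the configuration steps on this page.
APPROVED = {"name": "ERSPAN", "destination": "tunnel-ip100",
            "sources": {"HundredGigE0/0/0/16"}, "allow_tx": False}
```

Run against the sample, `audit(parse_status(STATUS), APPROVED)` reports three findings, because the quoted output describes session FOO on TenGigE0/6/0/4/0 in both directions rather than the session configured in the earlier steps.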