I was recently watching a Cisco video on the architecture of the Nexus 5000 series switches (BRKARC-3452), and learned something pretty surprising.
On the Nexus 5010 / 5020, enabling switchport monitoring / a SPAN session on a port effectively limits its ingress throughput to 6 Gbps. With traffic rates above 6 Gbps, additional SPAN traffic as well as production traffic will be dropped. This is because the N5K’s do everything on the Unified Port Controller at the ingress port (including replicating the traffic to send it to the SPAN destination). The Unified Port Controller has a 12 Gbps connection to fabric inside of the switch. Thus, 6 Gbps of production traffic + 6 Gbps of production traffic being sent to the SPAN destination = a fully utilized connection between the fabric and port controller. It’s surprising that production traffic isn’t prioritized over the SPAN traffic when this congestion occurs.
As a work-around, you can limit SPAN traffic to 1 Gbps. This is obviously a little sub-optimal if you need to capture larger amounts of traffic – but at least you’re not dropping production traffic. I’m not sure why this isn’t the default configuration on a Nexus 5000. On the Nexus 5500’s, there are some additional protections put in place by default to automatically limit the SPAN traffic only under high traffic loads.