What kind of performance hit do you see on your core routers when you turn on mirror ports?
For me spanning ports are better because I don't like adding additional hardware when I can meet the requirement with existing gear. Less stuff added means less stuff breaks which means less stuff to support. Also, the impact is not significant so it makes no sense for me to buy yet another appliance.
Also, I think network taps are actually a better choice over this suggestion:
At least with mirror ports, if your IDS starts dropping packets (because it can't keep up) you're not going to impact business operations and you're not going to impact connection speed.
This is a *huge* generalization. Many variables contribute to resources used, even at layer 1. Things like, how many ports you're spanning, which IOS/firmware rev you have, the amount of traffic, etc.
A tap would perform better than a span port because of the performance hit (I'd like your opinion) which "wouldn't affect operations". Taps being layer 1, no processing is involved.
In my case, I span a single port that all traffic must route through. Given my device, IOS and throughput, the impact is not significant.
Again, requirements drive your choices. In my case, buying a tap makes no sense at all.
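As an added illustration (not posted by anyone in this thread), this is the single-source local SPAN setup the reply above describes, on a Cisco IOS switch; the session number and interface names are assumed placeholders, not taken from the thread:

```cisco
! Mirror both directions of the one uplink all traffic crosses (assumed: Gi0/1)
! to the port the IDS sensor is plugged into (assumed: Gi0/24).
monitor session 1 source interface GigabitEthernet0/1 both
monitor session 1 destination interface GigabitEthernet0/24
! Verify that exactly one source port is being mirrored.
show monitor session 1
! Output drops here indicate the sensor link cannot keep up with the mirrored load.
show interfaces GigabitEthernet0/24
```

Two things to check when sizing this: mirroring both directions of a full-duplex 1 Gbps link can produce up to 2 Gbps toward a 1 Gbps destination port, which is where the IDS packet drops mentioned above come from, and the destination port stops forwarding normal traffic while the session is active, so it must be a port dedicated to the sensor.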
Now all that is to question is the physical reliability of network taps, which yes, scares the **** out of me. But the benefits of them seem to outweigh the downsides. And, I will have trouble upgrading core routers.