[c-nsp] network probes / netflow vendors

christian.macnevin at uk.bnpparibas.com christian.macnevin at uk.bnpparibas.com
Mon Aug 7 08:14:25 EDT 2006 

Tried it. To be honest, it didn't quite have the feel I was after.

My ultimate solution is something giving:

1. the topological abilities of something like Packet Design's Traffic 
Explorer (which doesn't support multicast) 
2.the packet inspection abilities of something like TS Associates' TipOff.
3.the Netflow capabilities of (I hear) Crannog. Oh, and the (new) ability 
of NetScout to do IGMP joins.

The first one is the really big one. Hardly anybody seems to do a decent 
topological solution. It's all link-by-link.

My experience with NetScout has been that they don't make enough use of 
the data available to them. It's fine
if you're into probes for unicast packet capture, but the deep packet 
inspectoin isn't great, the alarms have historically
had a lot of problems, and they have no topological view whatsoever. In 
the MPLS space (we also use them for that)
they also don't have the ability to look at multiple routing tables, so 
they have to use an incredibly probe-heavy solution
in order to figure out which VPN you're talking about. When they could (I 
believe) just be using inherent features of
NetFlow v9.

Oh yeah. If NetScout would implement sFlow, it seems like the world would 
be a much better place as well.






Internet
jtantsura at upcbroadband.com

07/08/2006 13:00

To
Christian MACNEVIN, cisco-nsp
cc

Subject
RE: [c-nsp] network probes / netflow vendors






Hi,

At least for multicast you could try Cisco Multicast Manager.
Haven't tried it yet, still on my to do list.
You can get a trial version form your cisco SE.

Regards,
Jeff
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
christian.macnevin at uk.bnpparibas.com
Sent: 07 August 2006 13:15
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] network probes / netflow vendors

Hi all,

I've received a quote for a couple probes and whatnot for a new network
I'm building. It came to
a staggering bill of half the value of the entire network (which is full
of redundant sup720s, 67XX line
cards, 10Gb and more DFCs than you can shake a stick at.) So, we laughed,
they laughed, we laughed,
they stopped laughing. Turns out it wasn't a joke.

So. I'm now in the market for a less humorous monitoring solution. Does
anyone have any particular
suggestions for good, not psychotically priced LAN monitoring solutions?
I've heard that crannog is
a great netflow analysis tool in the past, so I'm going to talk to them.
We're using multicast heavily
(it's finance) so we need something that can handle that. We'd also like
some deep packet inspecting
abilities, and if possible, recording for post incident forensics. I'm
expecting inline probes to be the
biz there.

The offending vendor sounded a bit like Met Trout, incidentally. (I don't
particularly want this post
coming up on searches).

Thanks
Christian.


This message and any attachments (the "message") is
intended solely for the addressees and is confidential.
If you receive this message in error, please delete it and
immediately notify the sender. Any use not in accord with
its purpose, any dissemination or disclosure, either whole
or partial, is prohibited except formal approval. The internet
can not guarantee the integrity of this message.
BNP PARIBAS (and its subsidiaries) shall (will) not
therefore be liable for the message if modified.

****************************************************************************
******************

BNP Paribas Private Bank London Branch is authorised
by CECEI & AMF and is regulated by the Financial Services
Authority for the conduct of its investment business in
the United Kingdom.

BNP Paribas Securities Services London Branch is authorised
by CECEI & AMF and is regulated by the Financial Services
Authority for the conduct of its investment business in
the United Kingdom.

BNP Paribas Fund Services UK Limited is authorised and
regulated by the Financial Services Authority

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list