[c-nsp] Monitoring HTTP / url access @10gig

Ge Moua moua0100 at umn.edu
Mon Oct 5 09:24:26 EDT 2009


We beta tested the Gigamon platform and for the most part it does what 
it claims it can do; basically it takes a SPAN feed and "fans" it out for 
analysis; in the end it was just too $$pricey$$ (> ~$100K USD); it seems 
like the target market is carriers and large service providers.

Our OITSecurity group has been looking at NetOptics as a less expensive 
alternative:
http://www.network-taps.eu/home/home.php

It does basically the same as the Gigamon but is not nearly as expensive 
(~$50K USD), albeit with fewer bells and whistles.

I forgot to mention that our focus is on IPS/IDS and these 10-gig feeds 
are to our IPS/IDS "home grown" clusters.

Good luck.


Regards,
Ge Moua | Email: moua0100 at umn.edu

Network Design Engineer
University of Minnesota | Networking & Telecommunications Services



Phil Mayers wrote:
> We currently monitor web access from our campus with a VACL capture, 
> picked up by a server-class machine with a 10gig port. Hardware is 
> sup720, and our internet links are 10gig, doing well over 1gbit/sec.
>
> For various reasons this solution is unsatisfactory; the VACL doesn't 
> work well and doesn't support IPv6, SPAN sessions are limited and 
> policy routing to a web cache is exactly what we don't want to do. 
> What other solutions can people recommend?
>
> I see that GigaMon make an interesting (and expensive looking) product:
>
> http://www.gigamon.com/gigavue-420.php
>
> ...which claims to be able to tap a 10gig link, filter the traffic 
> then direct it to a 1gig port. This could be interesting for a number 
> of reasons.
>
> Other suggestions welcome.

