[c-nsp] Multiple 10 Gb monitoring
Phil Mayers
p.mayers at imperial.ac.uk
Tue Sep 7 05:12:13 EDT 2010
On 09/06/2010 10:23 PM, chris stand wrote:
> For those of you who are doing 10 Gb connections what are you using for
> packet capture and analysis ? Same tools you used at 1 Gb ?
> How about port aggregation ? Smart taps ?
"It depends"
Search the archives for previous questions I've asked on URL logging at
10gig. I got a lot of useful feedback. You're basically looking at:
1. Smart taps like the Gigamon GigaVUE (Orange!)
2. Mirroring to a port channel / load balancer
3. Smart NICs with onboard filters
4. brute-force ultra-fast capture box
4 can involve bits of 3 as well; using a NIC with an accelarated API for
capturing such as the MyriCOM SNF stuff for example.
We use option 2 in lieu of option 1; if your device permits it, you can
do a dirty hack, such as put a layer3 ACL in the capture port which
gives you a cheap and cheerful version of option 1. If you're careful,
you can buy a device with esoteric ACL capabilities such as "override
output port" and build some really quite clever stuff (Extreme x450e in
case you're wondering).
We also use short-lived ERSPAN sessions to option 4 for operational
troubleshooting.
More information about the cisco-nsp
mailing list