[j-nsp] Whitebox 10Gb/s capture challenge

Drew Weaver drew.weaver at thenap.com
Thu Jan 12 13:20:23 EST 2012


Everyone pointed out really good notes here as well, but as far as I know (and this may have changed recently), if you do the 10Gbps / smallest possible packet size you'll crush the CPU before it ever gets anywhere near the disks.

I was trying to figure out a way to use iptables to do simple firewalling at full line rate 10Gbps and it ate a bowl of fail big time (and that was without any disk/io capturing).

I'm assuming perhaps newer PCI Express version 3 10G NICs will be released that may be able to get you over that hump but for now it's really tricky to do this on a single box.

Which is why vendors charge $50k for those ASIC-based capturing boxes =)

Thanks,
-Drew


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Phil Bedard
Sent: Monday, January 09, 2012 2:13 PM
To: OBrien, Will
Cc: J NSP
Subject: Re: [j-nsp] Whitebox 10Gb/s capture challenge

How much traffic is actually on the boxes?  A full 10G or some fraction?  Are they in the same datacenter?  There are muxing boxes from onpath, apcon, anue, net optics, etc., which might let you get away with fewer actual capture devices.  Keep in mind some of those solutions are fairly expensive themselves...

Phil

On Jan 9, 2012, at 11:05 AM, "OBrien, Will" <ObrienH at missouri.edu> wrote:

> I'm pondering the idea of trying to build a relatively inexpensive 10Gb capture box.
> The simple solution is a dell R710 with 10Gb nics. I have some, they work, but I'd have to spend $50k to get enough of them.
> 
> So, my challenge is keeping the price point at something around $1000-$1500 - basically the 10Gb version of a 1u gigE capture system.
> 
> In general, I probably don't need to ever write 10Gb/s to disk, but it would be nice to load the dice for success.
> My thoughts are a reasonable performance motherboard with 10Gb PCIe nics or a white box mobo with onboard SFP+ ports.
> 
> Anyone gone this route?
> 
> 
> Will O'Brien
> University of Missouri, DoIT DNPS
> Network Systems Analyst - Redacted
> 
> obrienh at missouri.edu
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
