[j-nsp] Whitebox 10Gb/s capture challenge

Kevin Wormington kworm at sofnet.com
Thu Jan 12 13:34:43 EST 2012


For something between an off-the-shelf server and a purpose-built 
appliance there are hardware capture cards from companies like Napatech 
that can get wire speed into system memory and can also do filtering in 
hardware to just get the packets you are interested in to system memory.



On 01/12/2012 12:30 PM, Keegan Holley wrote:
> Not to ruin the fun but there are appliances and hardware taps that are
> purpose built for this.  An appliance is probably going to be easier to
> manage than an actual server.  It also scales much better and provides
> better fault tolerance.
>
>
> 2012/1/12 Drew Weaver <drew.weaver at thenap.com>
>
>> Everyone pointed out really good notes here as well but as far as I know
>> and this may have changed recently but if you do the 10Gbps / smallest
>> possible packet size you'll crush the CPU before it ever gets anywhere near
>> the disks.
>>
>> I was trying to figure out a way to use iptables to do simple firewalling
>> at full line rate 10Gbps and it ate a bowl of fail big time (and that was
>> without any disk/io capturing).
>>
>> I'm assuming perhaps newer PCI Express version 3 10G NICs will be released
>> that may be able to get you over that hump but for now it's really tricky
>> to do this on a single box.
>>
>> Which is why vendors charge $50k for those ASIC based capturing boxes =)
>>
>> Thanks,
>> -Drew
>>
>>
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net [mailto:
>> juniper-nsp-bounces at puck.nether.net] On Behalf Of Phil Bedard
>> Sent: Monday, January 09, 2012 2:13 PM
>> To: OBrien, Will
>> Cc: J NSP
>> Subject: Re: [j-nsp] Whitebox 10Gb/s capture challenge
>>
>> How much traffic is actually on the boxes?  A full 10G or some fraction?
>> Are they in the same datacenter?  There are muxing boxes from
>> onpath, apcon, anue, net optics, etc., which might let you get away with
>> less actual capture devices.  Keep in mind some of those solutions are
>> fairly expensive themselves...
>>
>> Phil
>>
>> On Jan 9, 2012, at 11:05 AM, "OBrien, Will" <ObrienH at missouri.edu>
>> wrote:
>>
>>> I'm pondering the idea of trying to build a relatively inexpensive 10Gb
>> capture box.
>>> The simple solution is a dell R710 with 10Gb nics. I have some, they
>> work, but I'd have to spend $50k to get enough of them.
>>>
>>> So, my challenge is keeping the price point at something around
>> $1000-$1500 - basically the 10Gb version of a 1u gigE capture system.
>>>
>>> In general, I probably don't need to ever write 10Gb/s to disk, but it
>> would be nice to load the dice for success.
>>> My thoughts are a reasonable performance motherboard with 10Gb PCIe nics
>> or a white box mobo with onboard SFP+ ports.
>>>
>>> Anyone gone this route?
>>>
>>>
>>> Will O'Brien
>>> University of Missouri, DoIT DNPS
>>> Network Systems Analyst - Redacted
>>>
>>> obrienh at missouri.edu
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp

