On 09/06/2010 10:23 PM, chris stand wrote:
For those of you who are doing 10 Gb connections what are you using for
packet capture and analysis ? Same tools you used at 1 Gb ?
How about port aggregation ? Smart taps ?
"It depends"
Search the archives for previous questions I've asked on URL logging at
10gig. I got a lot of useful feedback. You're basically looking at:
1. Smart taps like the Gigamon GigaVUE (Orange!)
2. Mirroring to a port channel / load balancer
3. Smart NICs with onboard filters
4. brute-force ultra-fast capture box
4 can involve bits of 3 as well; using a NIC with an accelarated API for
capturing such as the MyriCOM SNF stuff for example.
We use option 2 in lieu of option 1; if your device permits it, you can
do a dirty hack, such as put a layer3 ACL in the capture port which
gives you a cheap and cheerful version of option 1. If you're careful,
you can buy a device with esoteric ACL capabilities such as "override
output port" and build some really quite clever stuff (Extreme x450e in
case you're wondering).
We also use short-lived ERSPAN sessions to option 4 for operational
troubleshooting.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
