On Thu, 01 Jul 2010 19:24:38 -0400, Darren Bolding <dar...@bolding.org>
wrote:
Tap manufactures will be sure to tell you of many issues.
Well, there are issues on both sides...
A true tap is an electronic mirror. It doesn't much care what the signal
is; whatever it senses, it replicates. As the OP is talking about an
aggrigating tap, he's already using a switch. I've used NetworkCritical,
NetOptics, and several other "cheap" taps. None of them are even remotely
cheap. That said, use an ethernet switch...
The main concern I would have is that it is possible for a switch to drop
frames of a SPAN. Your decision might be influenced based on your
application and the impact of such errors (billing, lawful intercept,
forensics).
Yes, a switch can drop traffic (inbound and out.) But so can a tap. And
so can the thing listening to the tap.
At work I'm configuring an integrate Broadcom 10G switch (SoC) as a pure
mirror. The ports wired to the system form a trunk group which is the
destination for the mirror of the external ports. This is exactly what
you'll find inside $$$$$ commercial multiport aggrigating "taps". (and
btw, we've thrown over 1Mpps at it without issue; ~50% 64byte packets, the
bane of any switch. (recorded) real world traffic, not some Spirent
simulation.)
--Ricky
