[c-nsp] Physical Network TAP devices
Good afternoon, We have a use case now to capture traffic at one of our egress points, and we need to use network taps. We need at least 2 sources and two destinations, in a pair of devices. - Copper 1 gig at this point. Is anyone using Copper/ Fiber Taps at 10g? Can I please get some feedback on some of the brands of taps that you fine people use? We were looking at gigamon, but I have not used TAPs in a very long time. We have a need to move to a physical device because of limitations in the hardware in where we need to capture the traffic. Any feedback is greatly appreciated. Thank you, Nick Cutting ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Physical Network TAP devices
We have yet to make a purchase but over the years we have looked at several with GigaMon being one of the leaders. An interesting option that I think we will seriously consider is Cisco Nexus 9K platform running what Cisco calls Data Broker. I find it appealing that the Nexus switch can run in hybrid mode and function both as a tap aggregation device as well as a normal Nexus switch. This option can reportedly scale up to 100Gbps http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/nexus-data-broker/data_sheet_c78-729452.html Other options we have looked at include; Anue Arista - similar option as Cisco Data Broker GigaMon Ixia -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Cutting Sent: Monday, July 17, 2017 12:39 PM To: cisco-nsp@puck.nether.net; Tom Mazzola Subject: [c-nsp] Physical Network TAP devices Good afternoon, We have a use case now to capture traffic at one of our egress points, and we need to use network taps. We need at least 2 sources and two destinations, in a pair of devices. - Copper 1 gig at this point. Is anyone using Copper/ Fiber Taps at 10g? Can I please get some feedback on some of the brands of taps that you fine people use? We were looking at gigamon, but I have not used TAPs in a very long time. We have a need to move to a physical device because of limitations in the hardware in where we need to capture the traffic. Any feedback is greatly appreciated. Thank you, Nick Cutting ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Physical Network TAP devices
On the packet broker side we are using Arista 7504R and getting a ton of performance per dollar spent... Arista has nice packet steering capability and we are really happy with the solution... If you need some advanced features like packet de-duplication you may need to shell out the big bucks and go with GigaMON or Ixia or whatever... Just looked at Big Switch Networks Big Monitoring Fabric in the past month and it sounds very interesting... On the tap side I've used taps from Netscout and didn't have any issues at all... From: cisco-nsp on behalf of Rick Martin Sent: Wednesday, July 19, 2017 10:50 AM To: Nick Cutting; cisco-nsp@puck.nether.net; Tom Mazzola Subject: Re: [c-nsp] Physical Network TAP devices We have yet to make a purchase but over the years we have looked at several with GigaMon being one of the leaders. An interesting option that I think we will seriously consider is Cisco Nexus 9K platform running what Cisco calls Data Broker. I find it appealing that the Nexus switch can run in hybrid mode and function both as a tap aggregation device as well as a normal Nexus switch. This option can reportedly scale up to 100Gbps https://urldefense.proofpoint.com/v2/url?u=http-3A__www.cisco.com_c_en_us_products_collateral_cloud-2Dsystems-2Dmanagement_nexus-2Ddata-2Dbroker_data-5Fsheet-5Fc78-2D729452.html&d=DwICAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=KfZDYG9Z0HjJnyM7sFaf--H7klz6hYbHw7jZxQxoDkc&m=IIN-uK0EBf0lXMn3nOn-yoNwZ3Gl8CSfb8fG0G7em0o&s=NoIEH98o6QTtW9jy6L58SWtNqeExmo7UmOQx629KMXg&e= Other options we have looked at include; Anue Arista - similar option as Cisco Data Broker GigaMon Ixia -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Cutting Sent: Monday, July 17, 2017 12:39 PM To: cisco-nsp@puck.nether.net; Tom Mazzola Subject: [c-nsp] Physical Network TAP devices Good afternoon, We have a use case now to capture traffic at one of our egress points, and we need to use network taps. We need at least 2 sources and two destinations, in a pair of devices. - Copper 1 gig at this point. Is anyone using Copper/ Fiber Taps at 10g? Can I please get some feedback on some of the brands of taps that you fine people use? We were looking at gigamon, but I have not used TAPs in a very long time. We have a need to move to a physical device because of limitations in the hardware in where we need to capture the traffic. Any feedback is greatly appreciated. Thank you, Nick Cutting ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_mailman_listinfo_cisco-2Dnsp&d=DwICAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=KfZDYG9Z0HjJnyM7sFaf--H7klz6hYbHw7jZxQxoDkc&m=IIN-uK0EBf0lXMn3nOn-yoNwZ3Gl8CSfb8fG0G7em0o&s=6lKo2WextAuU_N4LF6LN-Eo-GmBbLu8q8jCedZ4we-w&e= archive at https://urldefense.proofpoint.com/v2/url?u=http-3A__puck.nether.net_pipermail_cisco-2Dnsp_&d=DwICAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=KfZDYG9Z0HjJnyM7sFaf--H7klz6hYbHw7jZxQxoDkc&m=IIN-uK0EBf0lXMn3nOn-yoNwZ3Gl8CSfb8fG0G7em0o&s=PhLmKZ2CRP1a_PHrRhTgXYYgzXowBMe3-oIN-2Jcic0&e= ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_mailman_listinfo_cisco-2Dnsp&d=DwICAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=KfZDYG9Z0HjJnyM7sFaf--H7klz6hYbHw7jZxQxoDkc&m=IIN-uK0EBf0lXMn3nOn-yoNwZ3Gl8CSfb8fG0G7em0o&s=6lKo2WextAuU_N4LF6LN-Eo-GmBbLu8q8jCedZ4we-w&e= archive at https://urldefense.proofpoint.com/v2/url?u=http-3A__puck.nether.net_pipermail_cisco-2Dnsp_&d=DwICAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=KfZDYG9Z0HjJnyM7sFaf--H7klz6hYbHw7jZxQxoDkc&m=IIN-uK0EBf0lXMn3nOn-yoNwZ3Gl8CSfb8fG0G7em0o&s=PhLmKZ2CRP1a_PHrRhTgXYYgzXowBMe3-oIN-2Jcic0&e= ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Physical Network TAP devices
On 17 July 2017 at 18:39, Nick Cutting wrote: > Good afternoon, > > We have a use case now to capture traffic at one of our egress points, and we > need to use network taps. We need at least 2 sources and two destinations, > in a pair of devices. - Copper 1 gig at this point. Is anyone using Copper/ > Fiber Taps at 10g? > > Can I please get some feedback on some of the brands of taps that you fine > people use? > > We were looking at gigamon, but I have not used TAPs in a very long time. We > have a need to move to a physical device because of limitations in the > hardware in where we need to capture the traffic. Anytime I have had such a requirement, it has never turned into actually buying a tap device. Specifically for 1G copper we just SPAN the port. A small 8 port switch with a copper and SFP uplink port with SPAN/port mirroring capabilities are usually cheap. Then you can have 6 links for example to it and SPAN them at will without a trip to site to re-patch anything. Similarly we needed to mirror some 10G ports once but only had servers with 1G ports in those remote DCs, we just used a R-SPAN (GRE tunnel) back to another DC. You might need to elaborate on your requirements more. The only requirement we have had for an actual "tap" device is for passive fiber taps on more than 1Gbps (so 10Gbps, as 1G ports are just so cheap these days). Cheers, James. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Physical Network TAP devices
For the 1G thing, we use this one http://www.pandacomdirekt.com/en/products/wdm/transponder-cards/267-gbps/2-c hannel-up-to-267gbps-3r.html With that, we can put loops in (missing at for example alcatel SAS) Do the medias-conversion (wdm/singlemode to cooper or whatever the next device is. You can program the output of any of the four ports to be the input of one of the four. So, we have 1 port line , 2 port our router , two port with gig output for each direction, So we can tap 1G full duplex and put it to whatever collecting device (silk ?) Also, we use it as an STM1 Switch for our last 155MBit line (switch the line to one or another router, so we do not need the power consuming atm-switch any more) Juergen. PS Hope this was not too much advertising ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
