IDS mailing list archives
RE: Taps supporting traffic aggregation ...
From: Steve Bernard <sbernard () gmu edu>
Date: Thu, 29 Jan 2004 22:59:05 -0500
Thanks for the info. During my conversations with NetOptics I was interested only in Gigabit fiber interfaces. Regards, Steve -----Original Message----- From: William_Boyle () NAI com [mailto:William_Boyle () NAI com] Sent: Tuesday, January 27, 2004 10:25 PM To: focus-ids () securityfocus com Subject: RE: Taps supporting traffic aggregation ... Funny, someone just brought this to my attention 2 days ago. NetOptics has a 10/100 copper tap that aggregates the link. It uses a 1Mb buffer on each interface to handle spikes. Part Number Description 96443 10/100 Port Aggregator Tap, Rack-mount 96444 10/100 Port Aggregator Tap, PCI 96445 10/100 Port Aggregator Tap w/Active Response, Rack-mount 96446 10/100 Port Aggregator Tap w/Active Response, PCI Accessories: 96045 19" Rack Frame, Holds 3 Rack-mount Taps 96041 19" Rack Frame, Holds 12 Rack-mount Taps If you are looking for anything larger than 100Mbps or a phy other than RJ45 then you are looking at a decent switch that has the ability to mirror. You still have the problem that port buffers are only so big (regardless whether it is a port aggregation tap or a switch) and that in sustained traffic above 50% link utilization, you are dropping packets. If you want to make sure you can see ALL the traffic, the Intrushield IDS/IDP has the ability to handle the multiple stream output of a tap. Not only can it handle the full line rate, it can put the streams back together and maintain state. -bill -----Original Message----- From: Steve Bernard [mailto:sbernard () gmu edu] Sent: Tuesday, January 27, 2004 11:37 AM To: focus-ids () securityfocus com Subject: RE: Taps supporting traffic aggregation ... I can't say that I've ever seen a tap that aggregates traffic. Products from Top Layer, F5, Alteon, and the like are marketed as "IDS load balancers". I've talked to NetOptics before about building a tap that actively monitors multiple links and pushes them all down one monitoring port but, they didn't have anything like that and it didn't seem likely that they ever would. Steve --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- Taps supporting traffic aggregation ... Thierry Bôle (Jan 27)
- Re: Taps supporting traffic aggregation ... Andy Cuff (Jan 27)
- RE: Taps supporting traffic aggregation ... Steve Bernard (Jan 27)
- Re: Taps supporting traffic aggregation ... Matthew Jonkman (Jan 27)
- RE: Taps supporting traffic aggregation ... Chris Ralph (Jan 28)
- Re: Taps supporting traffic aggregation ... Matthew Jonkman (Jan 27)
- <Possible follow-ups>
- RE: Taps supporting traffic aggregation ... William_Boyle (Jan 27)
- RE: Taps supporting traffic aggregation ... Steve Bernard (Jan 29)
- RE: Taps supporting traffic aggregation ... Josh.Berry (Jan 28)
- RE: Taps supporting traffic aggregation ... kgeorgiades (Jan 28)
- Re: Taps supporting traffic aggregation ... Andy Cuff (Jan 29)
- Re: Taps supporting traffic aggregation ... Thierry Bôle (Jan 29)