IDS mailing list archives

Re: Taps supporting traffic aggregation ...

From: Thierry Bôle <tbole () telsys ch>
Date: Thu, 29 Jan 2004 17:50:18 +0100

Ken,

I know all the benefits we can have with a IDS Balancer and we can'tcompare a taps (passvie device) with a layer 7 switch.

My aim with taps supporting traffic aggregation is to reduce the numbersof ports used on the IDS balancer.


for example, if you want to monitor 4 segments:

With normal taps: you have to use 8 ports on the IDS Balancer
With taps supporting traffic aggregation: you only have to use 4 ports





kgeorgiades () toplayer com wrote:

Thierry,

The best way to do this is using an IDS Balancer. (possibly the only way to
do it right)

The IDS Balancer will:

a) Aggregate the trafficb) Filter the traffic (if you want to do that, so that you can send

different traffic to different sensors)
c) Create multiple copies (e.g. same traffic to 2 different sensors)
d) Load balance the traffic to groups of sensors.

The pricing of the Top Layer IDS Balancer is very close to the prices of
taps.

The ROI of the IDS Balancer is so compelling that most of out customers
admit that the savings pay for the IDS Balancer from day one.

The Top Layer IDS Balancer is a family of products from entry level fast
Ethernet configurations to multi-GigE.

http://www.toplayer.com/content/products/intrusion_detection/ids_balancer.js
p


Note: I work for Top Layer.


Kyriacos (Ken) Georgiades
Senior Director, Product Line Management
Top Layer Networks, Inc
Tel: 508 870 1300 x 231
Cell: 508 783 5988
Fax: 508 870 9797
Email: kgeorgiades () toplayer com
www.toplayer.com


-----Original Message-----
From: Thierry Bôle [mailto:tbole () telsys ch]
Sent: Monday, January 26, 2004 8:00 AM
To: focus-ids () securityfocus com
Subject: Taps supporting traffic aggregation ...


Hello,

Has anyone tested taps supporting traffic aggregation (with thecapability to mirror the traffic only on one link)

I know that we can have some bandwidth limitations: if the 2 networkports are operating at 100mbps and the IDS port is operating at 100mbpsas well, then under sustained aggregate bandwidth of greater than100mbps, packets will get dropped.


Thank you for your feedback.

Thierry


---------------------------------------------------------------------------
---------------------------------------------------------------------------

---------------------------------------------------------------------------
---------------------------------------------------------------------------


--
________________________________________________
 Thierry BOLE
 Technical Support - Security Division
 Telecom Systems SA
 Une societe de Groupe Silicomp
 En Budron E7
 1052 Le Mont/Lausanne
 Switzerland
 Tel : +41 21 651 42 51 - Fax : +41 21 652 39 10
 mailto:tbole () telsys ch - http://www.telsys.ch
 _________________________________________________


---------------------------------------------------------------------------
---------------------------------------------------------------------------

Current thread:

Taps supporting traffic aggregation ... Thierry Bôle (Jan 27)
- Re: Taps supporting traffic aggregation ... Andy Cuff (Jan 27)
- RE: Taps supporting traffic aggregation ... Steve Bernard (Jan 27)
  - Re: Taps supporting traffic aggregation ... Matthew Jonkman (Jan 27)
    - RE: Taps supporting traffic aggregation ... Chris Ralph (Jan 28)
- <Possible follow-ups>
- RE: Taps supporting traffic aggregation ... William_Boyle (Jan 27)
  - RE: Taps supporting traffic aggregation ... Steve Bernard (Jan 29)
- RE: Taps supporting traffic aggregation ... Josh.Berry (Jan 28)
- RE: Taps supporting traffic aggregation ... kgeorgiades (Jan 28)
  - Re: Taps supporting traffic aggregation ... Andy Cuff (Jan 29)
  - Re: Taps supporting traffic aggregation ... Thierry Bôle (Jan 29)