IDS mailing list archives
Re: Taps supporting traffic aggregation ...
From: Matthew Jonkman <matt () infotex com>
Date: Tue, 27 Jan 2004 22:39:38 -0500
The big issue in taps bringing traffic together is that you have different networks that are not aware of each other. If both go down the same wire you'll have collisions, and thus lost data. If you're aggregating 2 links that are high load you'll lose most of the traffic.
I've successfully had multiple taps feeding into a dedicated switch and then did a span of that switch. The switch was able (if you get a good quality one) to buffer the packets and thus avoid the collisions. All the data still flows if you do an ingress span of the ports from the taps.
The key is a very good quality switch though. The 100 dollar staples cheapo won't cut it.
Matt Steve Bernard wrote:
I can't say that I've ever seen a tap that aggregates traffic. Products from Top Layer, F5, Alteon, and the like are marketed as "IDS load balancers". I've talked to NetOptics before about building a tap that actively monitors multiple links and pushes them all down one monitoring port but, they didn't have anything like that and it didn't seem likely that they ever would. Steve -----Original Message----- From: Thierry Bole [mailto:tbole () telsys ch] Sent: Monday, January 26, 2004 8:00 AM To: focus-ids () securityfocus com Subject: Taps supporting traffic aggregation ... Hello, Has anyone tested taps supporting traffic aggregation (with the capability to mirror the traffic only on one link) I know that we can have some bandwidth limitations: if the 2 network ports are operating at 100mbps and the IDS port is operating at 100mbps as well, then under sustained aggregate bandwidth of greater than 100mbps, packets will get dropped. Thank you for your feedback. Thierry --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
--------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- Taps supporting traffic aggregation ... Thierry Bôle (Jan 27)
- Re: Taps supporting traffic aggregation ... Andy Cuff (Jan 27)
- RE: Taps supporting traffic aggregation ... Steve Bernard (Jan 27)
- Re: Taps supporting traffic aggregation ... Matthew Jonkman (Jan 27)
- RE: Taps supporting traffic aggregation ... Chris Ralph (Jan 28)
- Re: Taps supporting traffic aggregation ... Matthew Jonkman (Jan 27)
- <Possible follow-ups>
- RE: Taps supporting traffic aggregation ... William_Boyle (Jan 27)
- RE: Taps supporting traffic aggregation ... Steve Bernard (Jan 29)
- RE: Taps supporting traffic aggregation ... Josh.Berry (Jan 28)
- RE: Taps supporting traffic aggregation ... kgeorgiades (Jan 28)
- Re: Taps supporting traffic aggregation ... Andy Cuff (Jan 29)
- Re: Taps supporting traffic aggregation ... Thierry Bôle (Jan 29)