Re: Sizing of a box requiring 2x10Gbps

[Paul Halliday <paul.halliday () gmail com>]

On Wed, Jul 7, 2010 at 5:28 AM, Sven Juergensen (KielNET)
<s.juergensen () kielnet de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi list,
>
> I'm playing with the thought of implementing an
> IDS for our network. Now, for the box handling
> this, a bit of advice would be appreciated. It
> needs 2 10GE interfaces and would have to soak
> up a throughput of about 4GBps tops. The amount
> of accumulated data should last about a week.

A single box and a 4GB link? How sustained is the 4GB? What is the
median and nature of the link? What kind of info are you interested
in?.  All? mostly x? mostly y?..

Do you have access to break it up a bit; i.e. is this an aggregation
point? I don't know what your source is but you might be able to (at a
lower level) break this into filtered streams and use crap hardware to
process it using a distributed setup.

More info would be a good start :)

Is this your first setup?

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users