From jason@biel-tech.com Fri Jul 6 02:41:28 2018
From: Jason Biel
To: cypherpunks-legacy@lists.cpunks.org
Subject: Re: Experiences with "advanced" network taps.
Date: Fri, 06 Jul 2018 02:41:28 +0000
Message-ID: <172289081865.3849117.8340284351819666741.generated@mail.pglaf.org>

Look at NetOptics Directors or the VSS 4x24. I've deployed several.

On Mon, May 23, 2011 at 8:34 PM, Darren Bolding wrote:

> We are planning on purchasing some network taps for a couple of locations in
> our network, and we expect to make significantly greater use of them in the
> next year or two.
>
> Something that is new since I last investigated taps (it has been a while)
> is that many of them now allow for functionality I would typically think of
> as far outside what a simple tap does.
>
> For example:
>
> Selective forwarding of packets based on MAC address, TCP/UDP port, IP
> address range etc.
> Selective forwarding/load balancing based on flow, so that you can
> distribute traffic across a cluster of devices (e.g. IDS or netflow probes)
> Ability to insert a device (firewall, IDS, etc) into the network flow and
> via software configuration bypass traffic around the device- e.g. able to
> quickly drop a device out of the network path.
> - Some have the ability to send network probes, or monitor traffic
> downstream of an inline device so they can automatically take the device out
> of line if it fails to pass traffic.
> - Some can filter which traffic goes through the inline device and merge it
> back with the traffic that was not sent to the inline device for downstream
> consumption.
> Some can be connected and automatically be managed as if one device,
> allowing monitor and replication ports to be used across the stack/mesh of
> devices.
>
> All of this is very interesting. Of course these taps cost more than your
> basic dumb tap.
>
> More interestingly to me is that these taps are no longer dumb, and that
> makes them a bit of a riskier proposition. In evaluating some we have run
> into issues ranging from misconfiguration/user error to what appear to be
> crashes (with associated loss of forwarding).
>
> I'm wondering if anyone has had significant experience deploying these more
> advanced taps, whether it was good or bad, general comments you might like
> to share regarding them, and whether you would recommend particular
> vendors.
>
> If people reply off-list, I will make a point of summarizing back if I get
> any feedback.
>
> Thanks!
>
> --D
>
> --
> -- Darren Bolding --
> -- darren(a)bolding.org --
>

--
Jason

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
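
An added example, not part of any message in this thread and not any vendor's algorithm: a sketch of the flow-based load balancing the quoted message describes, using a direction-independent flow key so both halves of a conversation reach the same IDS, and dropping an unhealthy sensor without reshuffling the flows on the others. The sensor names, the sample flows and the choice of rendezvous hashing are assumptions made for illustration.

```python
import hashlib
import ipaddress

SENSORS = ["ids-1", "ids-2", "ids-3"]  # hypothetical sensor names, one per monitor port

def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent key: order the two endpoints so A->B and B->A match."""
    a = ipaddress.ip_address(src_ip).packed + src_port.to_bytes(2, "big")
    b = ipaddress.ip_address(dst_ip).packed + dst_port.to_bytes(2, "big")
    lo, hi = sorted((a, b))
    return lo + hi + bytes([proto])

def pick_sensor(key, sensors, healthy):
    """Rendezvous hashing: the healthy sensor with the highest score wins.
    Returns None when no sensor is healthy, so the caller has to treat
    lost visibility as an explicit condition rather than a silent drop."""
    candidates = [s for s in sensors if s in healthy]
    if not candidates:
        return None
    return max(candidates, key=lambda s: hashlib.sha256(s.encode() + key).digest())

def assign(flows, sensors, healthy):
    """Map each (src_ip, src_port, dst_ip, dst_port, proto) tuple to a sensor."""
    return {f: pick_sensor(flow_key(*f), sensors, healthy) for f in flows}

# Constructed sample flows (documentation address ranges), both directions included.
FLOWS = [
    ("192.0.2.10", 51514, "198.51.100.5", 443, 6),
    ("198.51.100.5", 443, "192.0.2.10", 51514, 6),
    ("192.0.2.11", 40000, "198.51.100.9", 53, 17),
    ("198.51.100.9", 53, "192.0.2.11", 40000, 17),
    ("2001:db8::1", 50000, "2001:db8::2", 22, 6),
]

if __name__ == "__main__":
    before = assign(FLOWS, SENSORS, set(SENSORS))
    # Simulate ids-2 failing its health check and being taken out of rotation.
    after = assign(FLOWS, SENSORS, set(SENSORS) - {"ids-2"})
    for f in FLOWS:
        print(f, before[f], "->", after[f])
```

When evaluating a tap, the same two properties can be checked on the device itself: replay a capture and confirm each sensor sees both directions of its flows, then fail one sensor and confirm only its flows move.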