Experiences with "advanced" network taps.

Jason Biel jason at biel-tech.com
Mon May 23 18:36:45 PDT 2011 

Look at NetOptics Directors or the VSS 4x24.  I've deployed several.

On Mon, May 23, 2011 at 8:34 PM, Darren Bolding <darren at bolding.org> wrote:

> We are planning on purchasing some network taps for a couple of locations
> in
> our network, and we expect to make significantly greater use of them in the
> next year or two.
>
> Something that is new since I last investigated taps (it has been a while)
> is that many of them now allow for functionality I would typically think of
> as far outside what a simple tap does.
>
> For example:
>
> Selective forwarding of packets based on MAC address, TCP/UDP port, IP
> address range etc.
> Selective forwarding/load balancing based on flow, so that you can
> distribute traffic across a cluster of devices (e.g. IDS or netflow probes)
> Ability to insert a device (firewall, IDS, etc) into the network flow and
> via software configuration bypass traffic around the device- e.g. able to
> quickly drop a device out of the network path.
> - Some have the ability to send network probes, or monitor traffic
> downstream of an inline device so they can automatically take the device
> out
> of line if it fails to pass traffic.
> - Some can filter which traffic goes through the inline device and merge it
> back with the traffic that was not sent to the inline device for downstream
> consumption.
> Some can be connected and automatically be managed as if one device,
> allowing monitor and replication ports to be used across the stack/mesh of
> devices.
>
> All of this is very interesting.  Of course these taps cost more than your
> basic dumb tap.
>
> More interestingly to me is that these taps are no longer dumb, and that
> makes them a bit of a riskier proposition.  In evaluating some we have run
> into issues ranging from misconfiguration/user error to what appear to be
> crashes (with associated loss of forwarding).
>
> I'm wondering if anyone has had significant experience deploying these more
> advanced taps, whether it was good or bad, general comments you might like
> to share regarding them, and whether you would recommend particular
> vendors.
>
> If people reply off-list, I will make a point of summarizing back if I get
> any feedback.
>
> Thanks!
>
> --D
>
> --
> --  Darren Bolding                  --
> --  darren at bolding.org           --
>



-- 
Jason

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list