Might also take a look at Gigamon, Anue Systems, and similar vendors. It's possible to use these switches to "slice and dice" traffic from a 10g input to a farm of 1g tools for packet capture, ids, waf, content filtering etc. Although there is a cost, it's usually cheaper than having to upgrade multiple existing tools to 10g speeds. It also solves the issues with the number of source span's allowed on many Cisco switches, and avoids the bus/disk issues tools run into when dealing with 10g linerates. (For now at least)
~jdh -----Original Message----- From: Michael Holstein [mailto:[email protected]] Sent: Friday, April 29, 2011 9:44 AM To: Kyle Creyts Cc: [email protected] Subject: Re: Wire-rate Packet Capture on 10gbE > How is this being done? I've looked at looked at PF_RING and TNAPI... > is there anything better out there? > Those two (thanks to Luca) can get you most of the way there, but to really hit the target you need dedicated kit like Endace (and a few others) make. They basically do what was represented in the CCC slides somebody else posted (FPGA with own logic), but on a PCIe card. Once you've got the ethernet -> interface problem addressed, you need to examine bottlenecks in interface->bus and particularly bus->disk. Regards, Michael Holstein Cleveland State Unversity > --Kyle > > ______________________________________________________________________________________________________ The information contained in this electronic message and any attachments is confidential, is for the sole use of the intended recipient(s) and may contain privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, you must not read, use or disseminate the information, and should immediately contact the sender by reply email and destroy all copies of the original message.
