Hi Alfredo, Thanks for the quick resp. To answer your questions: 1. Ingress: 1x 10Gb / Egress: 3x 10Gb + 1x 1Gb 2. <5Gbps 3. The 1Gb filter is set by selecting 802.1q VLANs (alternatively, may be replaced by Segment/IP range filter); 10Gb are unfiltered - namely copy everything
Thanks, Oren ________________________________ From: [email protected] <[email protected]> on behalf of Alfredo Cardigliano <[email protected]> Sent: Wednesday, August 28, 2019 12:59 PM To: [email protected] <[email protected]> Subject: Re: [Ntop-misc] 10/40Gb simple Tap Hi Oren traffic aggregation from multiple ingress ports and duplication/distribution to multiple egress interfaces is available with PF_RING ZC, we have a tool (zbalance_ipc) which is based on the ZC API and able to do that A small subset of the functionalities provided by this tool are described at https://www.ntop.org/guides/pf_ring/rss.html#zc-load-balancing-zbalance-ipc please note that it is able to distribute traffic to processes on the same host, as well as egress interfaces. What is missing is traffic filterins on the egress interfaces, however that is already supported by the ZC API, and the tool can support it with small changes. The main concern here is about performance, it really depends on a few factors: 1. number of ingress/egress links 2. traffic rate 3. filters Do you have some number? Alfredo On 28 Aug 2019, at 14:33, Oren N <[email protected]<mailto:[email protected]>> wrote: Hi, Is it possible to build an inexpensive 10/40Gb simple Tap using PF_RING + ZC? The base requirements is as follows: 1. Monitor a mix of 10Gb and 1Gb interfaces 2. Reduplicate traffic to N x 10/40Gb output interfaces 3. Each output interface may have a network filter 4. Each output interface receives all input packets that match the network filter 5. Simple CLI/GUI Is this a feasible/documented solution using PF_RING? What are the limitations? E.g., packet loss if input > output What are the HW specs for such box? E.g., 8 core CPU, mem, disk, ... for input < 2x 10Gb+2x 1G input ; Enough PCI slots Are there additional HW/SW costs beyond the PF_RING ZC NICs? Thanks, Oren _______________________________________________ Ntop-misc mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
