mailing list archives
RE: Wire-rate Packet Capture on 10gbE
From: Joe Happe <Joe.Happe () archlearning com>
Date: Fri, 29 Apr 2011 10:31:43 -0500
Might also take a look at Gigamon, Anue Systems, and similar vendors. It's possible to use these switches to "slice
and dice" traffic from a 10g input to a farm of 1g tools for packet capture, ids, waf, content filtering etc. Although
there is a cost, it's usually cheaper than having to upgrade multiple existing tools to 10g speeds. It also solves the
issues with the number of source span's allowed on many Cisco switches, and avoids the bus/disk issues tools run into
when dealing with 10g linerates. (For now at least)
From: Michael Holstein [mailto:michael.holstein () csuohio edu]
Sent: Friday, April 29, 2011 9:44 AM
To: Kyle Creyts
Cc: nanog () nanog org
Subject: Re: Wire-rate Packet Capture on 10gbE
How is this being done? I've looked at looked at PF_RING and TNAPI...
is there anything better out there?
Those two (thanks to Luca) can get you most of the way there, but to really hit the target you need dedicated kit like
Endace (and a few
others) make. They basically do what was represented in the CCC slides somebody else posted (FPGA with own logic), but
on a PCIe card.
Once you've got the ethernet -> interface problem addressed, you need to examine bottlenecks in interface->bus and
Cleveland State Unversity
The information contained in this electronic message and any attachments is confidential,
is for the sole use of the intended recipient(s) and may contain privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the
intended recipient, you must not read, use or disseminate the information, and should immediately
contact the sender by reply email and destroy all copies of the original message.