Apr 2 2008 6:22PM GMT
Posted by: Troy Tate
Tags: LAN, Performance, Networking, WAN, Monitoring, Network TAPs
As expected there are several different manufacturers and models that can handle this task. The reseller I spoke with suggested three different devices from two different manufacturers.
- Network Instruments nTAP - This is the particular device that initially captured my interest in this type of solution. More information can be found here.
- Datacom Systems Singlestream aggregation tap - More information on the 10/100 aggregation tap can be found here. Details on a gigabit tap can be found here.
The prices I received on these devices went from around $1000 to $1500 to $2000. As you can see, there are lots of choices. I have requested a demo model of the $1000 device and will see if it will meet my needs. More to come!
Thanks for your time. Let’s be good network citizens together & practice safe networking!
Mar 20 2008 1:09PM GMT
Posted by: Troy Tate
Tags: Networking, Monitoring, WAN, Network TAPs
What is the best means of watching data network traffic at the edge? My need: watch traffic inbound and outbound at the edge of the LAN and be able to remotely view reports. The reports would show information such as: current traffic flow volume and conversations; historic traffic flow volume; NetFlow data; latency from LAN to remote hosts.
So, some questions need to be asked and some answers given.
Where to place potential solutions:
- In the router or “cloud”.
- In the edge LAN switch.
- Between the router and the edge LAN switch.
What are the potential issues with sensor location:
- Router or “cloud” - network address translation (NAT) may hide actual source address information. What load would this service put on the router? Would there be any costs for implementing this on the router and/or in the cloud? We use managed data network services so this could be a concern.
- LAN edge switch - is port spanning or “mirroring” a valid option? What other monitoring services can the switch provide? SNMP or RMON? How would the monitor be remotely accessed if there is only one NIC and it is in listening mode only? Note that placing a destination switch port in span mode does not permit any outbound traffic to occur on that interface.
- Between the LAN & WAN - is another switch needed with port spanning/mirroring? Would a hub work, given that it creates a half-duplex link for inbound/outbound traffic?
What hardware provides potential solutions:
- Router or “cloud” - not the preferred method since not under my control and may have change request or monthly service costs involved.
- LAN edge switch - the monitoring system would require dual NICs: one to listen/monitor and one for remote access. Port spanning or mirroring could place a load on the switch. SNMP or RMON queries can add traffic to the network link and impact the monitoring accuracy.
- Between the LAN & WAN - a hub is not desirable for the reason mentioned above: it forces a full-duplex link to half-duplex and creates a bottleneck, even though the WAN link is usually much smaller than the LAN. There is an alternative to the hub. That device appears to be called a network TAP or port aggregator. This is the solution I plan on investigating further.
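A sizing check worth running before choosing a port aggregator: it merges both directions of a full-duplex link onto one monitor port, so the monitor sees gaps whenever inbound plus outbound traffic exceeds that port's speed for longer than the device can buffer. The sketch below is an added example, not code from the original post or from any vendor; the buffer size, link rates and traffic samples are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class TapResult:
    peak_buffer_bytes: int      # highest buffer occupancy seen
    dropped_bytes: int          # traffic the monitor never received
    intervals_with_drops: int   # number of sample intervals with loss


def simulate_aggregation_tap(samples, monitor_mbps, buffer_bytes, interval_s=1.0):
    """Model one monitor port fed by both directions of a tapped link.

    samples: list of (inbound_mbps, outbound_mbps), one pair per interval.
    monitor_mbps: speed of the single aggregated monitor port.
    buffer_bytes: assumed (hypothetical) buffer inside the aggregator.
    """
    capacity = int(monitor_mbps * 1_000_000 / 8 * interval_s)
    queued = peak = dropped = drop_intervals = 0
    for inbound, outbound in samples:
        arriving = int((inbound + outbound) * 1_000_000 / 8 * interval_s)
        # Whatever the monitor port cannot drain in this interval stays queued.
        queued = max(0, queued + arriving - capacity)
        if queued > buffer_bytes:
            dropped += queued - buffer_bytes
            drop_intervals += 1
            queued = buffer_bytes
        peak = max(peak, queued)
    return TapResult(peak, dropped, drop_intervals)


# Constructed samples: a 45 Mbps WAN link and a busy 100 Mbps LAN link.
WAN_EDGE = [(40, 30), (45, 45), (20, 44)]
LAN_LINK = [(60, 30), (80, 30), (90, 20), (40, 20)]
BUFFER = 1_000_000  # 1 MB, an assumed figure; check the device data sheet

if __name__ == "__main__":
    for name, samples in (("WAN edge", WAN_EDGE), ("LAN link", LAN_LINK)):
        print(name, simulate_aggregation_tap(samples, 100, BUFFER))
```

With these samples the WAN edge never exceeds the 100 Mbps monitor port, which matches the point that the WAN link is usually much smaller than the LAN, while the busy LAN link loses traffic in two intervals.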
Has anyone else had experience with implementing a network TAP or port aggregator for network monitoring? I will also discuss what applications I plan on using to monitor network traffic in a future post.
Thanks for your time. Let’s be good network citizens together & practice safe networking!