SRX Services Gateway
Highlighted
SRX Services Gateway

Network Taps and Traffic Aggregators

‎06-30-2014 09:24 AM

Hi Experts,

 

not sure if this is the right place to pose.

 

has anyone used network taps and traffic aggregators for network monitoring implementation?

 

if you have, can you recommand good vendors wit  their products?

 

 

thank you,

3 REPLIES 3
Highlighted
SRX Services Gateway

Re: Network Taps and Traffic Aggregators

‎07-01-2014 04:44 AM

I've had good experiences with taps from both Net  Optics and Corning.  The Net Optics are straight up taps.  The Corning system is an optical patch panel that you can also place tap modules into.

 

http://www.netoptics.com/products/network-taps

 

http://catalog.corning.com/opcomm/en-US/catalog/MasterProduct.aspx?cid=pretium_edge_ao_module_web&pi...

 

For aggregators Apcon has been a good performer.  You chose a chassis size then populate with switch blades for the aggregation.  They also offer de-duplication blades so you can pull out multiple copies of the same packet if you tap along multiple points of the path and your tools do not have de-duplication built in.

 

Apcon recently started offering tap modules as well, but I haven't used them.  There could be an advantage because the tap itself means you don't need an "input" port for the feed.  But the port density is much smaller on the tap modules for the slot they consume.

 

http://www.apcon.com/products/intellaflex-series-3000-xr-network-monitoring-switch

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
SRX Services Gateway

Re: Network Taps and Traffic Aggregators

‎07-01-2014 07:02 AM

Hi Spuluka,

 

Thank you for your reply. We have net optics for taps and Anue for traffic aggregator. net optics are good but they required two ports on aggregator to complete the bi directional traffic. 

 

Did you have to do the same on your aggregator as well or is there a way to walk around to use just one port on aggregator?

 

as for Anue, we notice when we map more than one network ports to a tool port, it drops packets on the tool port although the combined actual coming thru those network ports doesn't exceed the tool port bandwidth.

 

Did you see that happen on Apcon aggregator?

 

Thank you, 

Highlighted
SRX Services Gateway

Re: Network Taps and Traffic Aggregators

‎07-02-2014 03:59 AM
We have net optics for taps and Anue for traffic aggregator. net optics are good but they required two ports on aggregator to complete the bi directional traffic. 

 This is a requirement to capture both transmit streams of the traffic.  Think about this at the physical level.  There is a transmit on side A connected to a receive on side B.  Then a second connection with a transmit on side B connected to a receive on side A.  Thus every tap gives you two feeds of traffic.

 

Sometimes you are interested in just what is being sent by one device and not the other.  Other times you need both feeds.   The matrix switch point is a single collector.  So you need two to collect both points.

 

as for Anue, we notice when we map more than one network ports to a tool port, it drops packets on the tool port although the combined actual coming thru those network ports doesn't exceed the tool port bandwidth.

 In matrix switches there are three potential choke points that can cause packet loss:

 

  1. Bandwidth limit - as you  note your card will have a limit on the port capacity.
  2. Backplane limit - when you connect ports across multiple cards the traffic crosses the device backplane.  There is an aggregate limit for ALL traffic hitting the backplane.  If you overload this you will lose packets.
  3. Processing limits - If your matrix switch allows you to apply filters you may hit a limit on the processing power to filter the streams.

  You will need to determine why the traffic is being dropped and reorganize your feeds accordingly on the matrix switch or upgrade to one with more capacity in the affected area.

 

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home