Some colleagues wrote up Microsoft DEMon: https://sharkfest.wireshark.org/sharkfest.12/presentations/A-4_Leveraging_Op... -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Kristian Francisco Sent: Saturday, June 27, 2015 9:12 PM To: Rafael Possamai <rafael@gav.ufsc.br> Cc: nanog@nanog.org Subject: Re: Data Center Network Monitoring with TAPs I'm designing the first phase of a datacenter network monitoring project for my company. We are starting with SPAN at access layer and plan to control traffic volume using filtering, slicing, de-dupe, etc. There are instances when we need to do capacity/delay analysis on L2 traffic and Ixia, APCON, Emulex etc. are coming out with flow generators for SPAN/TAP traffic. We may decide to go with TAP in the future as we found a vendor that was willing to implement functionality to allow us to offload flow generation from our access/distribution/core devices by creating templates based on the source device/interface. In essence, to our monitoring tools, netflow traffic will seem as if it is coming from the real device. Best Regards, Kristian J. Francisco On Mon, Jun 22, 2015 at 9:44 AM, Rafael Possamai <rafael@gav.ufsc.br> wrote:
Here's a recent forum thread that discussed the same exact topic. You might find some insight:
http://www.reddit.com/r/networking/comments/3aip3p/data_center_network _monitoring/
On Sat, Jun 20, 2015 at 11:06 AM, Mitch Howards <hbf9121@hotmail.com> wrote:
Hello All,
Was wondering what folks are using to monitor traffic on their networks. Looking into Ixia and APCON devices for dedup and other filtering features as well as passive fiber TAPs to capture the traffic.
How are folks handling TAP'ing large data center networks? TAPs at the "distribution layer" would be the best fit for my network but that would require a ton of passive fiber TAPs for the incoming fibers to the distribution switches. The end goal is to not only capture the north-south traffic on the network but also east-west traffic. It seems more efficient to just use SPANs but there are many limitations using SPANs.
Thanks in advance for any suggestions.
Mitch