As I was doing a design today. I found that I had a bunch of 100 MB connections that I was going to bring into a aggregation tap. Then I was thinking, why don't I use a switch like a Cisco 3560 to gain more density. Anyone run into this? Any down falls with using a switch to aggregate instead of a true port aggregator?? Regards, Matthew
Depends on the the bunch of 100MB connections. On the down side, when aggregating using a Cisco switch is a limit on the number of switch ports you can aggregate. On the up side, you don't have to be concerned about another device between the switch and device you want to connect to. Gary Gary Gladney Space Telescope Science Institute Email: gladney@stsci.edu Voice: 410.338.4912 Public Key: ldap://certserver.pgp.com ---- Original message ----
Date: Thu, 1 Jul 2010 16:48:14 -0400 From: "Bein, Matthew" <mbein@iso-ne.com> Subject: SPANS Vs Taps To: <nanog@nanog.org>
As I was doing a design today. I found that I had a bunch of 100 MB connections that I was going to bring into a aggregation tap. Then I was thinking, why don't I use a switch like a Cisco 3560 to gain more density. Anyone run into this? Any down falls with using a switch to aggregate instead of a true port aggregator??
Regards,
Matthew
Tap manufactures will be sure to tell you of many issues. The main concern I would have is that it is possible for a switch to drop frames of a SPAN. Your decision might be influenced based on your application and the impact of such errors (billing, lawful intercept, forensics). A tap vendors take: http://www.networkcritical.com/What-are-Network-Taps On a somewhat related note, I will mention that TNAPI from ntop is quite handy. http://www.ntop.org/TNAPI.html <http://www.networkcritical.com/What-are-Network-Taps>--D On Thu, Jul 1, 2010 at 1:48 PM, Bein, Matthew <mbein@iso-ne.com> wrote:
As I was doing a design today. I found that I had a bunch of 100 MB connections that I was going to bring into a aggregation tap. Then I was thinking, why don't I use a switch like a Cisco 3560 to gain more density. Anyone run into this? Any down falls with using a switch to aggregate instead of a true port aggregator??
Regards,
Matthew
-- -- Darren Bolding -- -- darren@bolding.org --
On Thu, 01 Jul 2010 19:24:38 -0400, Darren Bolding <darren@bolding.org> wrote:
Tap manufactures will be sure to tell you of many issues.
Well, there are issues on both sides... A true tap is an electronic mirror. It doesn't much care what the signal is; whatever it senses, it replicates. As the OP is talking about an aggrigating tap, he's already using a switch. I've used NetworkCritical, NetOptics, and several other "cheap" taps. None of them are even remotely cheap. That said, use an ethernet switch...
The main concern I would have is that it is possible for a switch to drop frames of a SPAN. Your decision might be influenced based on your application and the impact of such errors (billing, lawful intercept, forensics).
Yes, a switch can drop traffic (inbound and out.) But so can a tap. And so can the thing listening to the tap. At work I'm configuring an integrate Broadcom 10G switch (SoC) as a pure mirror. The ports wired to the system form a trunk group which is the destination for the mirror of the external ports. This is exactly what you'll find inside $$$$$ commercial multiport aggrigating "taps". (and btw, we've thrown over 1Mpps at it without issue; ~50% 64byte packets, the bane of any switch. (recorded) real world traffic, not some Spirent simulation.) --Ricky
participants (4)
-
Bein, Matthew
-
Darren Bolding
-
Gary Gladney
-
Ricky Beam