<img alt="" src="http://www.oita4bali.com/151621.png" style="display:none;">

Best Practices for Network Monitoring Traffic Capture

Posted by OJ Johnston on Thu, Dec 20, 2012 @ 18:12 PM

In recent years, companies have shown the benefits of “copying” and sending traffic from network backbones to purpose-built monitoring devices…no interference with the existing, “live” traffic and the traffic can be analyzed in real-time or stored for later playback. However, the best approaches to “copying” and sending the traffic to be monitored has been a source of contention.  As 40/100G becomes more prevalent, how the traffic is accessed will become increasingly important.

Initially, the Switched Port Analyzer (SPAN) ports were used to deliver copies of traffic to analyzers, but this has posed several problems at the 1G and 10G data rates, which likely will increase exponentially with 40/100G:

  • SPAN ports are part of the switch/router and operate in much the same way as typical ports, so the data is not always an exact copy
     
  • Traffic congestion both on the router and on the SPAN port itself can result in increased latency or the traffic to be dropped completely
     
  • Relying on a device that could be creating the problem to help identify it can be a self-defeating exercise
     
Read More

Topics: 100G, network monitoring, network tap, traffic capture, analyzer port, passive optical taps, layer 1 switch, ethernet tap, network traffic analyzer