124 PORTS X 10G PACKET CAPTURE AGGREGATION
Increasing Packet Capture Port Density with FMAD 40Gbps Packet Capture Systems and a regular switch. Using our 2x40G Packet Capture System and 2 separate switches you can achieve excellent cost per port capture numbers.
INCREASING PACKET CAPTURE PORT DENSITY
The safest approach to packet capture is using Layer 1 Fiber Optical TAP`s as its completely passive (no active electrical components) and highly robust, your literally splitting the light on the wire and nothing else. Its not to say Layer 1 Fiber optic TAPs go bad but its extremely rare to hear this. The problem with this approach is, it creates an enormous amount of ports to capture.
Capturing a single 10G line, requires 2x10G ports, one for Transmit, one for Receive and it quickly escalates into a some what large number of ports to capture. To review we discussed in the post 10G TAP SPAN MIRROR. So whats new? our FMAD80 2x 40Gbps Packet Capture system is whats new!
The approach is using a switch's 40G up-link port as the SPAN/MIRROR port to our 40G Packet Capture system. This way you can run 2 separate aggregation switch's into a single Packet Capture system. The result can be some incredible port density at more than reasonable costs.
LOW COST BARE METAL AGGREGATION
Using some of the low cost bare metal switches, for example the AUORA 720 with the OpenSwitch software is only $7,000 USD and supports 32x 40GH QSFP ports with breakout cables it can support a maximum of 124 x 10G ingress ports, with a single 40G egress SPAN port to our switch. Put two of these together with our FMAD80 system with 24TB of storage, and you have aggregation of 248 x 10G ports, with 80Gbps of capture bandwidth!
That makes the total cost of:
2 x AUORA 720 : $14,000 USD
1 x FMAD80 24TB : $48,000 USD
Total : $62,000 USD / 248 10G Ports
Resulting in... $250 / capture port, incredible really. Of course there`s limitations, its a maximum of 80Gbps capture rate meaning out of the theoretical 2,480 Gbps (248 x10G) you can only capture 80Gbps worth of data. However for many monitoring applications it may burst to 10Gbps but the 24H sustained utilization is typically closer to 1Gbps or less. None the less its an interesting approach on how to deal with a large number of Layer 1 fiber TAP`s.
An example setup is shown above, you could use a regular 24 x 10G port switch with 1 x 40G up-link with a much better over subscription rate. The final key point is using FMAD80`s automatic push functionality to output PCAP`s to a remote file server. This way our 2 x 40Gbps packet capture system acts as a temporary cache for buffering line rate data, with the storage server focusing on massive PetaByte level storage capacity.
Drop us an email if it sounds interesting, more than happy to discuss!
