After months of slaving away, problem after problem finally, yes finally! fmadio40 the 1x40G or 4x10G line rate packet capture system gets its first demo in RL (real life). There`s a lot of info on the blog about the system but its completely different when your there talking with a real live person about what’s great, what’s ok and what sucks.

Often in networking technology circles we hear the term "line rate" such as "10Gbit line rate" which roughly translates to network traffic at the maximum capacity and in this case at 10Gbit/second. While it sounds clear, the actual data transfer rate can be a bit non-intuitive.

ネットワーキングテクノロジーサークルでは良く「10Gbpsラインレート」のような「ラインレート」という用語を耳にします。これは簡単に言うとネットワークトラフィックの最大容量で、この場合10Gbit/秒になります。簡単に聞こえますが実際のデータ転送レートについてはちょっと分かりづらいです。

Good cost effective full line rate packet sniffers are great, but by them self aren`t all that helpful. The power of packet capture is when its coupled with analyzer software, such as opensource tools like Snort or Suricata, our opensource tools or your customized analysis software. We understand this and our device has exceptional integration that's easy, simple, and enables you to go from 0 to 100 within your existing infrastructure in no time flat.

The accuracy of 1PPS otherwise known as 1 Pulse per second is quite an interesting topic. We discussed how our 40G packet sniffer system calculated extreme nano accuracy time before, what’s missing is how accurate our 10G packet sniffer can synchronize UTC world time using the onboard GPS PPS signal that’s included with every system.

Packet sniffers are great (especially ours :) but a 100TB of packet captures is pretty useless without any tools for analysis. We understand this and are building up a small suite of packet analyzers that anyone can use. Better yet its fully open source on GitHub and starts with a tools to analyze packet latency.

One of the great thing about server motherboards is their remote KVM functionality, IPMI interfaces and general ability to run head-less. We use Supermicro boards which have a full featured graphical Java based KVM client you can run from a browser, which is cool. But sometimes in restrictive network topologies its would be simpler and easier to SSH into the serial port.

Hacking together a 10G packet capture system from parts is pretty easy these days, yet making that system absolutely rock solid is a completely different ball game. We`ve spent so much time fixing the 1 in 1000 type of errors which is time consuming and painful but absolutely critical to creating a rock solid packet capture system.

Ever spent hours waiting for a capture to download when all you want is a few MB worth of packets? Or spent hours waiting for Wireshark to load and process a PCAP file ? We certainly have, and it totally sucks ass. Your either running "needle in a haystack" network troubleshooting or deep dive packet analytics. In both cases its more efficient to download only parts of the data for analysis as working with 100GB+ PCAP files can stretch and break many tools.

Sadly most network packet capture systems like to talk about how shiny fast their capture rate is or the huge amount of CPU/RAM/IO/X the system has. But how often do they discuss reliability of stored captured data? after all what’s the point of capturing all this data only to have it bit-rot away?

Pulse per Second (PPS), Stratum 3 oscillators, nanoseconds, picoseconds, femtosecond? sounds like a particle physics experiment? Not quite particle physics but not that far off as 40Gbit and 100Gbit data rates are getting seriously insane and clients appetite for extreme time accuracy continues. The primary problem is simple, how do you keep highly accurate(Stratum 3) and high resolution(1ns) time to stamp on each and every packet?

High resolution time stamps are one thing, accurate world time is a completely different topic. Our systems have 3.2nsec resolution hardware timestamp, however this is the timer resolution not the accuracy of keeping world time. For precise global time we support stock PTPv2 and PTPv2 augmented with a PPS (pulse-per-second) signal. As we will see below PTPv2 gives ~100nsec synchronization levels and the accuracy of PTPv2+PPS will is discussed separately.

After months of slaving away, problem after problem finally, yes finally! fmadio40 the 1x40G or 4x10G line rate packet capture system gets its first demo in RL (real life). There`s a lot of info on the blog about the system but its completely different when your there talking with a real live person about what’s great, what’s ok and what sucks.

We`ve spent a fair amount of time talking about our capture hardware so lets switch gears and dig into the software interface. Interaction with our 10G, 40G and 100G ethernet capture systems is over HTTP or HTTPS. You can use a web browser on port 80 or CURL and HTTPS on port 1337, its completely configurable and only uses a single TCP port. Alternatively there is also a WebDAV interface if your deep in the colo and without a browser.

SSD`s are the life blood of our fmadio 10G, 40G, 100G ethernet capture systems. They provide backing storage that well exceeds that of conventional RAM, are super fast and light weight. Thus its prudent to keep the SSD farms in top nick, optimal health, and occasionally perform emergency room brain surgery on them. Unfortunately today is one of those days.

Finally after weeks of searching, designing and plenty of cursing, Chassis Number One has finally arrived at the office! Its been surprisingly frustrating as the market for low volume customized chassis is hmmm... small. Luckily we did find a company in the US of A (of all places) which specializes in exactly that, low volume high quality custom chassis.

Bit encoding is an art unto itself, where there`s plenty of different encoding schemes to choose from. There`s 8b/10b encoding of PCIexpress Version 2, the 128b/130b encoding of PCIExpress Version 3, 64b/67b of interlaken and of course stock 64b/66b encoding used in all 10G, 40G and 100G ethernet protocols.

The XGMII protocol is a formalized way for two hardware blocks (typically the MAC & PHY) to communicate when a packet starts/ends and if there`s any errors detected on the line. The full spec is defined in IEEE 802.3 Clause 46 but we will save you the legalize parse time and explain it in plain English.

Think your`re an networking ethernet guru ? tcpdump kung fu master? eat jumbo packets for breakfast? Then welcome to the "Layer 1" dungeon, forget everything you know. We are talking about transceiver, clock recovery, DC balance, encoding symbol sets, scrambling, lane skew and more. For 10G, 40G and 100G networks you will be surprised that, what data you think is going down the wire, is actually a completely different set of 1`s and 0`s in the cable.

あなたはネットワーキングイーサネットの天才？tcpdumpカンフーマスター？それとも朝ごはんにジャンボパケットを食べますか？それであれば「レイヤ1」迷宮へようこそ。あなたの知識を全て忘れてください。私たちは、トランシーバ、クロック・リカバリ、DCバランス、エンコーディングシンボルセット、スクランブル、レーンスキューなどについて話します。10G、40G、100Gネットワークでは、あなたが配線を通ると思っているデータが実際はケーブルないでは完全に異なる1や0であることに驚くでしょう。