hardware for argus with 10GB link
Dave Edelman
dedelman at iname.com
Tue Apr 27 07:19:07 EDT 2010
It looks like you got tired of trolling over at the NANOG list and found a
new refuge.
As far as Argus being a security geek tool, yes it works well for security
geeks. It also works well for capacity geeks and those geeks who need to
really understand how systems interact so that they can effectively plan for
continuity of business in the face of various types of failures. By the way,
in this age of fiscal constraint, security geeks who haven't pushed the FUD
button too often still have funding.
Being in the rather enviable position of having fiber optic taps on all 28
of my ISP links, and doing real time capture with the ability to time shift
back for the last hour or so (They are all Gig-E so don't ask me about
faster speeds, yet) I can tell you that running pcap files through Argus and
using the tools to get details of events is very helpful.
Argus is what you make of it. The platform that supports it and the capture
cards that feed it will evolve over time. If you produce an FPGA based
capture solution you may be part of the Argus story, if not then someone
else's capture solution may be.
By the way, I tend to think of Argus and its clients as tools. A skilled
craftsman can use a high quality tool close to the extent of its
capabilities, a poor craftsman (that's an oxymoron) is not in any danger of
testing the limits of his tools. It's a bit like programming, some
programmers can write a COBOL program in any language.
--Dave
-----Original Message-----
From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
[mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On
Behalf Of Guillaume FORTAINE
Sent: Monday, April 26, 2010 10:46 PM
To: Carter Bullard
Cc: argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] hardware for argus with 10GB link
We are the only ones in the world doing the Flow Metering Process and Flow
Context Management in Hardware for IPFIX :
http://docs.google.com/viewer?url=http://www.cert.org/flocon/2009/presentations/Celeda_FlexibleFlow.pdf
http://merlin.fit.vutbr.cz/ant/technology/flow_context_management.html
Why should we bother to do it for Argus knowing that there is *no
market* for it ?
Argus seems more like a security geek tool than anything else. There are
only *2 commercial companies* (Qosient and Bivio) behind it.
Best Regards,
Guillaume FORTAINE
On 04/27/2010 04:07 AM, Carter Bullard wrote:
> I think flow monitoring has proved itself. IPFIX is evidence that Cisco
> believes that flow monitoring is very important. Not sure yet that any
> other major router/switch vendor is going to use IPFIX to transport
> their flow data though.
>
> We already have argus running on all the cards you've mentioned, and
> many many more.
>
> What is the market for running it on your card?
> I don't know.
>
>
> On Apr 26, 2010, at 9:37 PM, Guillaume FORTAINE wrote:
>
>
>> On 04/26/2010 04:53 AM, Carter Bullard wrote:
>>
>>> So, packet capture cards that use the 16 lane PCI-Express slots in newer
>>> computers should be able to go 10Gbps. If anyone on the list has such a
>>> beast, we can do some performance testing and tuning, to get argus up to
>>> speed. I'd be happy to help!!!
>>>
>>>
>>>
>>>
>> PCI-Express x8 is enough (up to 12 Gbps). PCI Express Gen 2 provides a
>> 5Gbps/lane throughput.
>>
>> That's why the fastest cards on the market are :
>>
>> -Napatech NT20E2 (x8 lane PCI Express 2.0, up to 20 Gbps)
>>
>>
>> http://docs.google.com/viewer?url=http://www.napatech.com/uploads/c_news/108_file_4507.pdf
>>
>>
>> -Endace DAG 9.2X2 (x8 lane PCI Express 2.0, up to 20 Gbps)
>>
>> http://www.endace.com/dag-9.2x2-packet-capture-card.html
>>
>>
>> And my question is still the same :
>>
>> The question is : Is there a market ?
>>
>> Especially, what is the value-add of Argus in comparison to IPFIX ?
>>
>> I look forward to your answer,
>>
>> Best Regards,
>>
>> Guillaume FORTAINE
>>
>