hardware for argus with 10GB link

Peter Van Epp vanepp at sfu.ca
Tue Apr 27 21:33:17 EDT 2010


On Tue, Apr 27, 2010 at 04:46:29AM +0200, Guillaume FORTAINE wrote:
> We are the only ones in the world doing the Flow Metering Process and Flow
> Context Management in Hardware for IPFIX :
>
> http://docs.google.com/viewer?url=http://www.cert.org/flocon/2009/presentations/Celeda_FlexibleFlow.pdf
>
> http://merlin.fit.vutbr.cz/ant/technology/flow_context_management.html
>
> Why should we bother to do it for Argus knowing that there is *no
> market* for it?
>
> Argus seems more like a security geek tool than anything else. There are
> only *2 commercial companies* (Qosient and Bivio) behind it.
>
> Best Regards,
>
> Guillaume FORTAINE
>

	I wouldn't agree with no market but there is no question that packet
capture in general is a small market, which is why Endace was the only player 
for a long time (I'm old and remember the first DAG which was an OC12 ATM card
for use with OC3mon back in the 1990's, OC3mon is what turned me on to the 
value of argus as a matter of fact :-)). 
	If you built your board thinking this was a high volume market then
I expect your market research was faulty. Packet capture has not been a high
volume market historically. Worse, at 10 gigs we are already having problems 
processing a full link on a single CPU which says to me that the future is 
going to be NetDirector/Gigamon et al. boxes that demultiplex a 10G/40G/100G 
link to multiple 10G or 1G ports that spread out to multiple less expensive 
capture card / processors which share the load. Because at 40 and 100 gigs 
that is all that will work. The expensive part is going to be in the demux 
mostly because it's again low volume (a router could do this but not with 
standard router ASICs and the market isn't large enough to interest the major 
vendors, Netoptics and the others already do most of what is needed at a low 
volume / high price though). 
	As someone else noted, argus is certainly useful for security, but it
is also useful for network diagnostics and network capacity planning. But it 
does need someone skilled in its use to make it go, which tends to reduce its
market share. When I retired, my site moved from argus to an order of magnitude 
more expensive commercial offering because they didn't believe they had a hope 
of replacing me in the loop that made argus valuable to them. 

Peter Van Epp 


