[Bro] Network taps for Bro

James Eyrich eyrich at illinois.edu
Wed Aug 3 12:02:06 PDT 2016

Bro doesnt care about any of that.
The optics going into your tap aggregator or direct into to the bro
nodes need to match what ever you are using for the connection
same for the splitter
regarding splitter ratios  - it depends what your light budget regarding
the receive sensitivity on the ends of the actual connection and the
optics feeding the bro system
Off the top of my head I was thinking 50/50 is good for data center and
70/30 for WAN
if you are running out of light once the splitter is in place you might
have to move to higher powered optics all around.

One thing we ran into is some of the "lite" optics for use in data
centers also have reduced sensitivity in addition to lower send power.

On 8/3/2016 1:37 PM, Daniel Manzo wrote:
> Hi all,
> My team is looking into using the Bro IDS for monitoring of a science
> DMZ with a 10 Gbps network. I was wondering how to choose which
> network tap(s) is necessary for this type of connection and if you
> have any recommendations/methods for setting up the hardware for Bro.
> I have been looking at the passive Ixia Flex taps, specifically the LC
> 10G SM 50/50 split tap. Will single mode (SM) versus multi-mode (MM)
> make a difference for Bro? And does Bro require a 50/50 ratio, or
> would I be able to get away with a different ratio?
> Thanks for the help,
> Daniel Manzo
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

James Eyrich
Manager - Incident Response and Security
National Center for Supercomputer Applications
University of Illinois at Urbana-Champaign
eyrich at illinois.edu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160803/36dee5a4/attachment.html 

More information about the Bro mailing list