[Bro] Network taps for Bro

Gary Faulkner gfaulkner.nsm at gmail.com
Wed Aug 3 12:29:13 PDT 2016 

Another thing to consider is if it is a single 10G connection you may be 
able to go right to the bro box from the tap, but if you have multiple 
10G connections, or need to send the signal to monitoring tools on 
multiple boxes you may also need to look into a tap aggregator/ 
load-balancer as well. If the connection is running on a specific 
CWDM/DWDM wavelength you may also need to check that your NICs and/or 
tap aggregator support the proper optics as not all do.

~Gary

On 8/3/16 2:02 PM, James Eyrich wrote:
> Bro doesnt care about any of that.
> The optics going into your tap aggregator or direct into to the bro
> nodes need to match what ever you are using for the connection
> same for the splitter
> regarding splitter ratios  - it depends what your light budget regarding
> the receive sensitivity on the ends of the actual connection and the
> optics feeding the bro system
> Off the top of my head I was thinking 50/50 is good for data center and
> 70/30 for WAN
> if you are running out of light once the splitter is in place you might
> have to move to higher powered optics all around.
>
> One thing we ran into is some of the "lite" optics for use in data
> centers also have reduced sensitivity in addition to lower send power.
>
> On 8/3/2016 1:37 PM, Daniel Manzo wrote:
>> Hi all,
>>
>>   
>>
>> My team is looking into using the Bro IDS for monitoring of a science
>> DMZ with a 10 Gbps network. I was wondering how to choose which
>> network tap(s) is necessary for this type of connection and if you
>> have any recommendations/methods for setting up the hardware for Bro.
>> I have been looking at the passive Ixia Flex taps, specifically the LC
>> 10G SM 50/50 split tap. Will single mode (SM) versus multi-mode (MM)
>> make a difference for Bro? And does Bro require a 50/50 ratio, or
>> would I be able to get away with a different ratio?
>>
>>   
>>
>> Thanks for the help,
>>
>> Daniel Manzo
>>
>>
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160803/49693e47/attachment.html

More information about the Bro mailing list