[Bro] 100G question

Michał Purzyński michalpurzynski1 at gmail.com
Thu May 11 20:59:03 PDT 2017


We used to do 60Gbit/s easily at Mozilla a few years ago, with Arista TapAgg and what I like to call a reverse bond interface. Works great and as a nice bonus you can do a rolling cluster restart without missing a bit.

That included a bunch of servers with Myricom, I'd rather use X720 instead.

Depending on your network something else might be an issue - the number of flows. Depends on how much state your scripts keep. Basically bits/sec are not the only thing that matters. We have 128GB per server.

Good luck!!

> On May 11, 2017, at 8:11 PM, Slagell, Adam J <slagell at illinois.edu> wrote:
> 
> Darrain,
> 
> Also, please feel free to contact me at the NCSA for some independent advice about Bro @ 100G. NSF funds the project to help EDUs and NSF projects.
> 
> Cheers,
> Adam Slagell
> 
>> On May 11, 2017, at 7:48 PM, Darrain Waters <dwaters at bioteam.net> wrote:
>> 
>> All
>> 
>> My customer will be installing a 100G I2 port @ multiple sites. I have specced a 5 node cluster using Arista Danz and Myricom 10G cards with SNF license. The 100G will be tapped using an Ixia passive tap. I have built and installed this setup for a previous customer, which was based on the Berkeley Lab setup.
>> 
>> Apparently, someone @ Corelight has told my customer that this type of BRO 100G cluster setup is not necessary. Further, the Corelight person said that one of the Corelight appliances would be able to handle 100G.
>> 
>> Is there a new standard for inspecting 100G, and is Corelight BroBox capable of inspecting 100G flows?
>> 
>> Thank you
>> 
>> 
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro


