North American Network Operators Group


Re: using sniffer on high-bandwidth pipes

  • From: Alexei Roudnev
  • Date: Tue Dec 07 03:43:40 2004

We are using FreeBSD 4.x on 1Gbit Ethernet (for sniffing). Never had
problems (but I should not guarantee 100% sniffing on 400,000pps).

In reality, correct, pps is important, bandwidth is not important. If
traffic is VoIP, it's a problem; if it is 90% WEB, it's an easy task.

----- Original Message ----- 
From: "Steve Francis" <[email protected]>
To: "todd romero" <[email protected]>
Cc: <[email protected]>
Sent: Friday, December 03, 2004 8:08 AM
Subject: Re: using sniffer on high-bandwidth pipes


>
> It probably depends more on pps than bandwidth.
> At a prior job, I used FreeBSD 4.x machines to capture over 400,000 pps,
> I think, on gigabit links.
> You need a NIC that is supported with one of the device polling drivers
> to keep CPU manageable. (Intel, not yet Broadcom.)
>
> FreeBSD far surpassed Solaris in packet capture performance.
>
> Linux 2.6 machines may do OK, using NAPI - but I've no experience with
> that.
>
>
> todd romero wrote:
>
> >does anyone have experience using a sniffer on a hi-capacity network
> >segment, that might know if there are limitations I need to worry about?
> >
> >example: customers doing EMC database replication across an MPLS link, and
> >when the capacity reaches approx. 250 Mbp/s packets are arriving out of
> >sequence etc.  So we need to put sniffers on both sides to capture some
> >data to see what's happening when the capacity reaches 250mbps.
> >
> >what kind of system requirements would be needed to be able to
> >capture that amount of data. For some reason, I don't think that the Dolch
> >Pac 65 sniffers we have (running nt4 and sniffer pro2) would be able to
> >handle that kind of data?  If they can't, we can probably use a sun box.
> >what kind of specs would the box need?
> >
> >tia,
> >tr
> >
> >
>