
Re: many to many dup-to option?

Matt Van Mater wrote:

switch1---|                       |--IDS
switch2---|--traffic aggregator---|--ntop
switch3---|                       |--ethereal
                                  |--etc...

You state that collisions on your hub, sitting in the "traffic aggregator" position, are causing your switches to disable their span ports.

Is the issue the collisions themselves, or just the switches disabling the ports?

If it's the ports, then couldn't you use your obsd dup-to box to aggregate the traffic, and put the hub AFTER it?

Alternatively, how about a "hub matrix" (as it seems to me if you have enough traffic to swamp a hub, your obsd box would have to be so buff as to rival netoptics taps in expense):

switch1 --- hub1 -|--- IDS(int1)
                  |--- ntop(int1)
                  |--- etc(int1)

switch2 --- hub2 -|--- IDS(int2)
                  |--- ntop(int2)
                  |--- etc(int2)

2 hubs + 8 interfaces are much cheaper than a fast-enough openbsd machine, aren't they?