I want to rely on your vast experience and hear some options for deployments.
There is a large organization with an enterprise application spanning across 40 different vlans (using hyper-v, not VMWare). The way the network is configured is that all traffic between vlans is going through a 6500 backbone. A physical AMD is already getting traffic from the 6500, meaning traffic between vlans is seen.
Now there is a request to see the internal vlan's traffic, but no one has the knowledge on how to mirror internal vlan traffic on Hyper-V. One option would be of course is the virtual AMD. what other options exist for Hyper-V ?
we have a partner company that provides virtual TAPs. Theoretically these TAPs are working like a physical TAP (mirroring network traffic) but they are available as a virtual modul to be installed into the hypervisor and can mirror the virtual traffic within that host.
If you want more information about that I can provide you some contact here.
Hi Gil and Friedrike!
Happy to see you are aware of the virtual TAPs.
Both Gigamon and IXIA has virtual TAPs. The result for us is the same but they work in 2 different ways. What I tend to suggest is that the customer gets information about both and then they can make tests or decisions themselves. If you point to only one of these, chances are that you will hear back from the customer later when they get clear understanding of how these TAP's work. If you leave it up to the customer then it's their own choice.
It can be important to point to that you need something to handle the packets with so they should assess what boxes the feeds from these virtual TAPs shold go to prior to hitting the AMD.
Very nice to hear Jon!
I go to quite a lot of different shops and see all to many relying on just SPAN and then don't relate to the output data of DCRUM. The problem is that SPAN as such doesn't lend itself to any quality control and you can have a SPAN session dropping lots of packets and there is nothing telling you this, short of capturing some data and checking that there are no packets missing in the sequence chain.
Both IXIA and Gigamon have large scale solution to address this in a very nice way.
It is by far superior to use a TAP and be able to trust you are actually capturing all packets.