All
My customer will be installing a 100G I2 port @ multiple sites. I have specced a 5 node cluster using Arista Danz and myricom 10G cards with SNF license. The 100G will be tapped using a ixia passive tap. I have built and installed this set up for a previous customer, which was based on the Berkeley Lab set up.
Apparently, someone @ corelight has told my customer that this type of BRO 100G cluster setup is not necessary. Further, the corelight person said that one of the corelight appliances would be able to handle 100G.
Is there a new standard for inspecting 100G, and is corelight BroBox capable of inspecting 100G flows ?
Thank you
Hi Darrain,
I think there’s been a misunderstanding?
A single instance of our appliance isn’t designed to handle 100G, and this doesn’t sound like the conversation we had with your customer.
Much of our team came from Berkeley Lab, so we’re familiar with Science DMZ.
Let’s talk when you have a chance? will send my number separately.
Darrain,
Also, please feel free to contact me at the NCSA for some independent advice about Bro @ 100G. NSF funds the project to help EDUs and NSF projects.
Cheers,
Adam Slagell
We used to do 60Gbit/s easily at Mozilla a few years ago, with Arista TapAgg and what I like to call a reverse bond interface. Works great and as a nice bonus you can do a rolling cluster restart without missing a bit.
That included a bunch of servers with Myricom, I'd rather use X720 instead.
Depending on your network something else might be an issue - the number of flows. Depends on how much state your scripts keep. Basically bits/sec are not the only thing that matters. We have 128GB per server.
Good luck!!