Using Commodity Hardware for Large Scale 10Gbps Passive Monitoring

Arne  Øslebø
DescriptionUNINETT has for many years operated a large scale passive and active monitoring infrastructure. This infrastructure is used for things like measuring the quality of the network, monitoring multicast traffic, application recognition to categorize network traffic and security monitoring. Up until now we have used special hardware for capturing traffic to guarantee support for full packet rate speeds without any packet loss. The monitoring infrastructure is now being upgraded to handle 10Gbps speeds and this time the passive monitoring is done using commodity hardware and open source software.
In this presentation we want to give a general overview of the monitoring infrastructure, show some performance numbers for the passive monitoring and present some lessons learned in getting it operational.

