Wednesday, March 28, 2018

Limited mirror (span) groups

I have a client with a stack of two Aruba/HP 2920 48 port switches as their top-of-rack/core switches. They've recently decided to implement multiple disparate network security systems, one of which is physical and one is a virtual appliance. Both need to have 'internal traffic going to or from the internet' mirrored to them.

My first problem is that the 2920 only supports a single mirror group, so I can have one physical port with the monitored traffic. This means I can't channel the mirrored traffic to both appliances.

My second problem is that the virtual appliance is on a VMware cluster of three hosts, two of which are already at max capacity of NICs. So I'll have to put it exclusively on the third host and add a NIC.

I've come to the conclusion that the right answer is to connect the one mirror port to the physical security appliance through a network tap, and have the tap duplicate the traffic to the NIC on the host with the virtual security appliance.

This feels 'kludgy'; I'd much rather have multiple mirror groups, but from what I can see only 3500yl or 5400zl series switches support that. Both of those are expensive solutions, especially compared to buying a network tap.

Is there a particular brand of network tap anyone would recommend? Does one exist with multiple tap ports? I've only ever worked with "Network General" brand, but it was 10/100.


