2003-01-09T09:21:47 Paul Van Gurp: > [ have to share span ports w/ net admins when they need 'em for > debugging. Alternatives: ] > * upgrade of software to enable the use of multiple SPAN ports > on 1 switch. > * upgrade of hardware with multiple SPAN ports > * the use of a hub connected to a SPAN port when network > testing is required. This would allow both devices to share > the port temporarily > * the use of taps
You left off "use a hub on the span port permanently", which would avoid any need to ever unplug your sensor. Sometimes that's a great solution. Hubs are cheap. Another solution that some times works is "live with the outage". Depending on the service levels you require for your network sensors, you may be able to just live with sharing the single span port; on well-run networks, it's often the case that the admins need those ports very rarely, and quite briefly. I've deployed many sensors with the agreement that the network admins can disconnect them any time they needed to to address a production outage, that sufficed to make them happy, and I saw no outages from this. Another possibility that works in some settings is to provide your network admins with access to your sensor systems, and let them use them as monitoring platforms. I don't know what network sensors you're deploying, but on e.g. Linux w/ libpcap-based sensing apps, you can have as many as you want running at the same time, and they'll all see the data, up to the limits of the systems performance. -Bennett
msg04970/pgp00000.pgp
Description: PGP signature
