On 7/24/19 09:16, Kenny Taylor wrote:
> Good morning,
>
> I hate to pull away from the 44/8 fire (KJ6BSQ here, and former
> AMPRnet user), but I’d like to get some advice from the community on
> traffic visibility tools.
>
> We use a pair of appliances called Exinda for traffic shaping and
> visibility. The current appliances are end-of-support and the
> replacements are hugely expensive after GFI acquired Exinda. Traffic
> shaping is less of a concern now, as circuit speeds have caught up
> with our users, but visibility is still a big need. Those boxes do
> two things very well: 1) identification of FQDNs using SSL cert
> inspection on HTTPS traffic and 2) categorization of the traffic (i.e.
> Netflix, Youtube, etc.). We have Netflow monitoring using PRTG, but
> seeing something like
> ‘ec2-34-214-76-39.us-west-2.compute.amazonaws.com’ in Netflow logs
> isn’t very useful.

TLS 1.3 encrypted SNI or QUIC and then DoH will eventually make HTTPS opaque. Whether this is soon or not I guess is an open question, but passive inspection will probably become less useful over time. It seems likely to cause industry / monitoring product change as well.

> We’re looking for something that could sit either inline or hang off a
> SPAN port, handle 5-10 Gbit of traffic, do the SSL cert FQDN
> identification, and preferably group results by site/subnet/category.
> What would you guys recommend?
>
> Thanks,
>
> Kenny Taylor
> WAN Engineer
> Kern Community College District

