SPAN-aggregation and packet brokers. Packets deduplication

SPAN-aggregation and packet brokers. Packets deduplication

One may ask: is it real to be so stupid implementing TAPs and brokers that packets are duplicated? Yes, of course, and it doesn't indicate architects' stupidity. E.g. we need the datacenter traffic analysis. So, it is necessary to mirror datacenter uplinks (no matter Internet or corporate) to have an incoming/outgoing traffic visibility, and aggregation/service layer links according to the datacenter network design. Inbound/outbound packet has no duplicates if it is going to some segment connected via dedicated physical lines, no router/firewall on a stick etc.

name='more'>
Let's assume some network part on the picture 1. TAPs mirror traffic to aggregators and then it is sent to information security systems. Users' connections path to servers is going through at least 2 TAPs copying traffic to the aggregator. As a result security sensors receive much more traffic for analysis.
  
Alt text
История Ричарда Столмана - от любви до ненависти. Раскрыты подробности уплаты выкупа вымогателям а киберграбители взялись за цифровое искусство. Смотрите 12 выпуск security-новостей на нашем Youtube канале.

Андрей Дугин

Практическая информационная безопасность и защита информации | Information Security and Cyber Defense in Deed