Traffic visibility tools
On 7/24/19 09:16, Kenny Taylor wrote:
>
> Good morning,
>
> I hate to pull away from the 44/8 fire (KJ6BSQ here, and former
> AMPRnet user), but I'd like to get some advice from the community on
> traffic visibility tools.
>
> We use a pair of appliances called Exinda for traffic shaping and
> visibility. The current appliances are end-of-support and the
> replacements are hugely expensive after GFI acquired Exinda. Traffic
> shaping is less of a concern now, as circuit speeds have caught up
> with our users, but visibility is still a big need. Those boxes do
> two things very well: 1) identification of FQDNs using SSL cert
> inspection on HTTPS traffic and 2) categorization of the traffic (i.e.
> Netflix, Youtube, etc.). We have Netflow monitoring using PRTG, but
> seeing something like
> "ec2-34-214-76-39.us-west-2.compute.amazonaws.com" in Netflow logs
> isn't very useful.
>
TLS 1.3 encrypted SNI or QUIC and then DoH will eventually make HTTPS
opaque. Whether this is soon or not I guess is an open question, but
passive inspection will probably become less useful over time. It seems
likely to cause industry / monitoring product change as well.
>
> We're looking for something that could sit either inline or hang off a
> SPAN port, handle 5-10 Gbit of traffic, do the SSL cert FQDN
> identification, and preferably group results by site/subnet/category.
> What would you guys recommend?
>
> Thanks,
>
> Kenny Taylor
>
> WAN Engineer
>
> Kern Community College District
>