[165118] in North American Network Operators' Group
Re: Netscout experiences
daemon@ATHENA.MIT.EDU (tOoLb0x)
Mon Aug 19 20:25:03 2013
In-Reply-To: <CAJvB4t=Uhtyd5uK71w1BcvDvCo_TJ9XKhVSJWiT2MYDTPC8xzQ@mail.gmail.com>
From: tOoLb0x <toolb0x.security@gmail.com>
Date: Mon, 19 Aug 2013 17:24:48 -0700
To: Blake Dunlap <ikiris@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Aug 19, 2013, at 13:24, Blake Dunlap <ikiris@gmail.com> wrote:
> Greetings,
> Anyone out there have experiences with Netscout or any of their
> nGenius products and wish to share impressions? Currently looking at them
> in comparison to say Netbrain, NetQoS, smarts, etc.
>=20
> -Blake
We've been using Netscout's nGenius for years. Their Gig probes and Infinist=
ream probes are rather expensive but the resulting application visibility ju=
stifies the cost. We have basically built up our network visibility over ti=
me starting with a PM server and a single probe, used as a netflow collector=
, then gradually superseding netflow with dedicated Netscout probes. We use=
d fiber and copper taps instead of SPAN ports since we believe SPAN ports ar=
e better used tactically. Take that instrumentation cost into consideration.=
=20
To be fair, we haven't evaluated the other apps that you have mentioned, as o=
f late. We do have a Concord eHealth implementation which we use for histor=
ic SNMP network statistics. It's good for showing us WHEN and WHERE we have=
a bandwidth spike but it doesn't answer the WHO and WHAT questions like nGe=
nius does. We use the Inifnistream probes strategically as a "network TiVo"=
which allows us to grab the packets we need for retrospective performance o=
r forensic analysis. All of the Gig probes can do packet capture but they're=
limited. The Infinistreams are basically deployed at our core and network p=
erimeter. Our Gig probes are more ubiquitous at the datacenter and distribu=
tion sites. Our basic philosophy of use is to monitor all the data center s=
witches and any network choke points, especially ingress (ISP, extranet, VPN=
, dedicated circuits, etc). We also have a couple of portables that we use f=
or our more on-going issues. =20
We do have a few of the 10G probes but we coupled that with a Gigamon deploy=
ment since it was too cost prohibitive to purchase multiple 10G tool/interfa=
ces everywhere in our data centers. Gigamon allows us to leverage many of o=
ur existing tools but that may not be germane to the conversation. =20
-bb=
