4 Replies Latest reply on May 3, 2017 8:30 AM by rschroeder

    Do you have any experience using Gigamon for network monitoring?

    rschroeder

      Gigamon is courting my server and security teams to provide Netflow-based monitoring, specifically for tracking security events & flows.

       

      If you have any experience using that brand of equipment, or with Netflow for security, in parallel with NTA, I'd love to have your thoughts.

       

      Rick Schroeder

        • Re: Do you have any experience using Gigamon for network monitoring?
          ronhilldiscover

          I know this is a late response, but I use Gigamon where I'm at. I've had a great experience with them. It's a great tool when you have a large network to consolidate all of the locations that you need to collect traffic from. They have some great features that other packet flow network providers don't offer like SSL decryption, de-duplication of packets, slicing/masking. Good stuff all around.

            • Re: Do you have any experience using Gigamon for network monitoring?
              rschroeder

              Your reply is not late at all--and I thank you for noting your experience. I'd love to hear more about the strengths and weaknesses, pros & cons of Gigamon, as well as the size of your network and the area it covers, if you feel comfortable sharing this info. You can also IM me via Thwack if you don't want to share information with the entire group.

                • Re: Do you have any experience using Gigamon for network monitoring?
                  ronhilldiscover

                  We have a pretty good-sized network. On the user side we have 5 large campuses (around 3,000 users each) in the US and a handful of smaller offices in the US and overseas. We have 2 datacenters that host, well, to be honest I don't know how many servers. If I had to pull a number out of the air I'd say in the low thousands.

                   

                  The thing to keep in mind with Gigamon is that it's just the conduit to get data from the wire into analysis tools. Their newest release does include a netflow traffic monitor but that's really just to get a sense of what's coming in over the wire vs what's being seen by the tool.

                   

                  Our packet flow network is set up similar to the classic Cisco 3-tier design with access, aggregation, and core. I've done evaluations of a few other vendors and the field is pretty similar for the access and aggregation tiers. They all have relatively low-cost boxes that will forward packets upstream and can do some basic logic. Where I've seen the most difference from the vendors is when you get to the core and the traffic mapping gets more complex. I'm able to direct traffic from any node in my datacenter to any tool based on TCP port, IP, MAC address, and if I really need to I can pull out packets based on patterns within the payload.

                   

                  There are functions that the platform can do that I haven't seen native in some of the other vendors. I need to decrypt SSL traffic for some of my security tools and Gigamon is able to do that right on the chassis. Other vendors partner with another company and you have to install another box to do it. I also have to do slicing/masking of some traffic before it can be offloaded. Sometimes this is for security, i.e., mask someone's SSN or only save a copy of the packet header for performance data.

                   

                  Their platforms have been stable and their support teams have been excellent. The only downside that I've found is cost for optics. The cost for SFPs is often higher than what I pay Cisco for theirs.

                   

                  Hope that helps,

                  Ron

                    • Re: Do you have any experience using Gigamon for network monitoring?
                      rschroeder

                      Thank you very much, Ron!  I've forwarded your report to the rest of my team, and to our other groups who are analyzing packet-forwarding vendors.  I think everyone likes Gigamon, and their only hesitation is Gigamon's price.

                       

                      When I spoke with Gigamon and Datacom Systems (one of Gigamon's competitors), it sounds like the two brands of hardware are often found within the same organization.  Datacom Systems equipment does low-cost tapping and sends traffic to the more expensive Gigamon for slicing/dicing and SSL decryption.

                       

                      I'm glad you're satisfied with Gigamon, and I'll be interested to see how my organization proceeds in the future towards shared packet capture/analysis tools.

                       

                      Rick Schroeder