Reference Architecture for Typical Network Environment?


Are there any sample diagrams or reference architecture material available for how and where to place EH in a typical network environment?

Also, anything that describes the pros and cons of using physical vs. virtual EH?



Good question!!

I have not seen any official diagrams or reference architecture material, though that does not mean they don’t exist. I would highly recommend leveraging your SE. With my deployment I initially did not take our SE’s advice, and was capturing in our data center at our Layer 3. We have a traditional 3-tier data center: Core, Aggregation/Distribution, and then Access Layer. The L3 resides at the Core level. I then quickly realized that we were missing a lot of guest-to-guest conversation within the same VLAN. I am now in the process of moving our ‘Span’/‘Taps’ “lower”, closer to the guest. So my recommendation: determine what traffic you would like to see, and design towards that.

Regarding the physical and/or virtual EH, I can only give my opinion. My opinion is physical; for me physical is better, because I have an easier time making the Span work, because I am not a ‘Server’ guy.
As stated, this is just my opinion. I have worked with both, and overall, both products are awesome!!!

  • Hope that helps, if I ever run across some “diagrams or reference architecture material” I’ll make sure to pass it along.


For placing the EH or any other device that uses port mirroring to gain visibility, IMHO:

  1. You have to decide whether you want detailed or summarized data, and what data you need to visualize (source of data).
  2. You have to understand your network and application topology; this will be used to pinpoint the existence of the data you want to visualize.
  3. If EDA/ETA, make sure you place it as near as it can be to the data source that you are trying to visualize, so you will get the visibility that you wanted.
  4. If EXA, since the data feed will be coming from the EDA, it can be placed near the EDA or in some other nearby place, as long as it doesn’t bother your network performance much.

CMIIW guys…



All good recommendations. #2 in particular…

When I used to do EH deployments, we’d whiteboard out the network, then figure out where the apps lived on the network. Often people would come take photos of the whiteboard, because nobody had ever figured out how the apps related to the network :)

An EDA can be a valuable discovery tool here. Start with a very basic deployment, get the lay of the land (VLANs, apps, etc), then refine the SPANs based on what you learn.