<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<div class="moz-cite-prefix">On 7/24/19 09:16, Kenny Taylor wrote:<br>
</div>
<blockquote type="cite"
cite="mid:BYAPR11MB3574BF16EE07B2C8FF460D0BEBC60@BYAPR11MB3574.namprd11.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Good morning,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I hate to pull away from the 44/8 fire
(KJ6BSQ here, and former AMPRnet user), but I’d like to get
some advice from the community on traffic visibility tools..<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We use a pair of appliances called Exinda
for traffic shaping and visibility. The current appliances
are end-of-support and the replacements are hugely expensive
after GFI acquired Exinda. Traffic shaping is less of a
concern now, as circuit speeds have caught up with our users,
but visibility is still a big need. Those boxes do two things
very well: 1) identification of FQDNs using SSL cert
inspection on HTTPS traffic and 2) categorization of the
traffic (i.e. Netflix, Youtube, etc.). We have Netflow
monitoring using PRTG, but seeing something like
‘ec2-34-214-76-39.us-west-2.compute.amazonaws.com’ in Netflow
logs isn’t very useful.<o:p></o:p></p>
</div>
</blockquote>
tls 1.3 encrypted SNI or QUIC and then DOH will eventually make
https opaque. Whether this is soon or not I guess is an open
question but passive inspection will probably become less useful
over time. it seems likely to cause industry / monitoring product
change as well.<br>
<blockquote type="cite"
cite="mid:BYAPR11MB3574BF16EE07B2C8FF460D0BEBC60@BYAPR11MB3574.namprd11.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal">We’re looking for something that could sit
either inline or hang off a SPAN port, handle 5-10 Gbit of
traffic, do the SSL cert FQDN identification, and preferably
group results by site/subnet/category. What would you guys
recommend?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Kenny Taylor<o:p></o:p></p>
<p class="MsoNormal">WAN Engineer<o:p></o:p></p>
<p class="MsoNormal">Kern Community College District<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
</body>
</html>