Anue's flexible per-port licensing may be more economical, because IT doesn't have to pay for ports that won't be used. The base configuration Anue 5204 1-Gb box with four ports licensed is $17,000; the 5236 10-Gb box with four ports starts at $25,000. Licenses to activate additional ports are $800 per port for both models. Gigamon's basic GigaVue-420 (with four 1-Gb ports) lists for $14,995; the 10-Gb GigaVue-2404 (with eight 10-Gb and four 1-Gb ports) has a list price of $45,000. Each GigaVue supports four expansion slots, with various copper/fiber options and network taps for passive monitoring.
The process of setting Layer 2-4 filters is both the most important function of a network monitoring switch and the biggest difference between the Anue and Gigamon offerings.
Creating a simple filter that matches IP source and destination, or TCP and HTTP ports, is a straightforward process with both systems. However, management interfaces--Gigamon's CLI approach versus Anue's GUI--make all the difference in the time it takes to use each vendor's offering. Anue requires only dragging a line between two port objects within the GUI, which then pops up a filter dialog. You fill in the fields as prompted. The interface also includes mouse-over tips and contact-sensitive help.
Creating the same type of filter within Gigamon takes a couple of additional steps as well as mastery of the CLI's syntax. GigaVue users might need to budget some time with the user manual to ensure that they can access the switch's full benefits.
We found that generating sample filters using either switch wasn't much of a challenge in tests, but watching Internet traffic was. Like many organizations, we monitor the Internet for performance, diagnostic, and security reasons, using a variety of tools. Our three WAN ISPs are fed by four router ports with potentially asynchronous routes, so we need to combine these streams to ensure that we see all the traffic and filter it into high and low IP address ranges to balance the load on our monitoring tools.
Gigamon's Map feature combines filters, which can then be applied across multiple network traffic ports. Organizations can direct this combined and filtered traffic to specific tools without overrunning the bandwidth of their interfaces. However, we spent the better part of four hours and some trial and error to get the map and its filters defined and applied.
That said, we found Map to be a powerful problem-solver if you're facing complex collection and filtering snarls, and it's reusable on other interfaces, so it's worth the extra effort up front.
In addition, Anue's Smart Filtering supports Boolean and "and/or" filters, including compound "or" and "and" combinations for complex selections. You don't need to worry about the order of a filter statement, as you would with an access control list or firewall rule.
Note that with power comes responsibility--Gigamon can put filters on incoming network ports or outgoing tool ports; however, if you're not careful, this could affect what traffic reaches each tool.
We tested a beta version of Gigamon's GUI and found it as easy to use as Anue's. Further, because the GUI is a Java applet, rather than a full-blown Java application, Gigamon won't require an installation on the desktop, meaning it can be used on any machine. However, this also means some functionality, like contextual right clicks for menus, won't be as rich.
The Gigamon GUI should make building filters a much faster process and will still let power users create the filter configuration in the CLI format behind the scenes.
Bruce Boardman is senior networking engineer at Syracuse University. Write to us at email@example.com.