Anyone using NAM on Cat6500 ?

Hi,
I'm intereseted in purchasing a NAM2 module for cat6k. I'm looking for a
couple of answers and also some experiences about this piece of hw;
strengths, pros, cons etc.
If I understood correctly, this module is some linux/solaris server packaged
as a catalyst module and connected to a backplane of cat6k and is pretty
much like attaching some fancy sniffer that collects all traffic from
some/all vlans/ports and can do real time analysis of data by printing nice
graphs.
If I understood, monitoring with NAM is configured like other span sessions,
except destination span port is some internal Gb port that represents NAM
(like on IDS blade).
I know this is a great tool to have on some remote locations, so I can sniff
traffic without actually connecting laptop with sniffer but I would be using
it on central location (it is pretty expensive to install it on remote
offices, which by the way don't have cat6k).
Also I have read that this module can be used as netflow anayzer for netflow
data exports from other routers.
If so, what would be the point of buying dedicated netflow tools like Cisco
Netflow collector and Netflow analyzer ? Are those netflow export files
saved on a disk of a NAM so I can extract some specific sessions that
happened 2 days ago (for example, who connected to a mail server yesterday
between 10:00 and 10:15). If I want to export files from routers, would I
use NAM or buy a full blown netflow solution with collector and analyser
installed on separate server.
I have read, that NAM has intergrated web server so I can connect to and
watch graphs, statistics, trends etc. Do I need some extra software for full
producitvity ?
I'm not sure what extra value is added by using nGenius Real Time Monitor
(that is bundled with
Cisco Works LAN Management Solution).
Except from buying module itself and nGenius Real time application which I
already have, what would I need for a decent solution.
I' like to hear your opinions about NAM.

thanks
jura

 

Correct. Not sure what OS it's running but it is a server on a blade.

Also correct. You span the VLANs or ports to the NAM module.

The problem is that its buffer capability is pretty limited. We will
use the NAM for Netflow collection (does a decent job of that) and
perhaps pinpoint sniffing at the backbone. But for centralized
sniffing, we opted to use NetVCR from Niksun. Gig's and gigs of buffer
space and is a terrific tool!

See above.

Haven't used any of the above you mentioned. Another group is looking
at the collector that runs on Solaris, but so far, the NAM solution
looks good for operational troubleshooting of the network.

I *believe* the data can be exported to a SQL server, but I haven't
gotten that far. We use Niksun for historical data so I haven't played
with it much.

Nothing at all. You can console in from the switch to do basic setup.
Once that's done, you log in via the Web and it's pretty easy after
that.

We also use nGenius as well. The problem with nGenius was that we were
using it for serial/DS3 links. With IPSec it pretty becomes useless.
And the disk space limitation was so severe that we couldn't keep much
historical data. The nice thing was that it was FR-aware and could sort
out the DLCIs. We created something similar on the NAM where we created
DLIC like naming so our Ops folks could quickly find the branch they
want to look at.

NAM is easy to use and fits nicely into the 6500 switch. My problem is
that it's buffer space for sniffing is limited considering the backplane
capacity of the switch.

--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
********************************************************************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************