Network Placement and Sensor Sizing

It’s best to position passive sensors at points in the network that see maximum aggregate traffic. For effective traffic monitoring, passive sensors should be attached to tap/span ports of distribution switches/routers in the network.

What size do you need?

You can consider the traffic throughput at the deployment points, the need for accurate coverage of all assets, and the total count of all assets. Typically, passive sensors with 1G interfaces would be sufficient for an aggregate traffic that does not exceed 900 Mbps from an average of up to 3,000 assets.

Where should you attach passive sensors?

Passive sensors attached to core switches/routers may not have visibility into the local traffic of the distribution switch, i.e., traffic between assets attached below the same distribution switch. Passive sensors attached to distribution switches will provide much better accuracy and visibility. Depending on the network topology, multiple passive sensors may have to be deployed.

The following diagram shows passive sensors at the distribution layer. In this example, traffic from all devices in the Client Access network is aggregated at the distribution switches, and traffic from the distribution switches is aggregated at the core switch.