We are debating ways to implement RSD, and the idea of using some of our networking tools came up. The question is how large can the RSD sensor software scale?
There are many DHCP servers--some Windows, some not. We would effectively be sending a copy of half of all of our DHCP traffic to a single dedicated box, and a copy of the other half to a different dedicated box. Neither one would be set to fingerprint, so the are listening only. Each one would be handling the DHCP data from about 50-60,000 systems.
If that goes well, we might look at opening the floodgates for traffic--ARP, RARP, and maybe a few others.
Has anyone been crazy enough to try something like this?
DHCP traffic alone shows barely even a blip on the performance radar.
Moving ahead to including ARP & RARP....
Wish me luck,