[Bro] Software frontend
Tyler T. Schoenke
Tyler.Schoenke at colorado.edu
Tue Dec 7 10:38:47 PST 2010
You are correct, this only splits traffic across workers on the same
machine. I've investigated, but haven't had time to test splitting
traffic across workers on different machines. You should be able to
tweak the linked config a little by removing the tapX lines and
redirecting the my_switch outputs to the various physical interfaces.
my_switch -> Queue -> eth1; #(repeat for eth2... ethX)
I haven't tried this, but it should work. This software-based load
balancing will only work for smallish amounts of traffic. If you are
trying to feed upwards of 1 Gbps, the user mode Click will probably
choke. I started to investigate using kernel mode Click with the
RouteBricks code to improve performance, but got stuck at a kernel panic
and didn't have time to pursue it further. For that, you need a
multi-core Nehalem server with Intel 10Gbps 82598EB cards. The best
solution is probably to buy a hardware load balancer like the cPacket
cFlow device. Currently, they have a 10Gbps version, but heard they are
working on a 40Gbps version. Other people have used Cisco routers, or
other hardware load balancers.
It would be nice to find a low-cost and effective software-based load
balancer, but I haven't seen anything yet. Right now, I am using Click!
and dropping a significant fraction of our traffic to cope with the
limitations of running the software load balancer and workers on one
multi-core mid-range server.
On 12/7/10 11:09 AM, Sunjeet Singh wrote:
> Thanks Tyler. From my understanding, this would be used to split traffic
> across cores on the same worker machine.
> Can this be extended to get what I want- split traffic from the fronted
> (which will be running this Click daemon) to workers running on
> different machines?
> On 10-12-07 10:05 AM, Tyler T. Schoenke wrote:
>> Is this what you are looking for?
>> Tyler Schoenke
>> Network Security Analyst
>> IT Security Office
>> University of Colorado - Boulder
>> On 12/7/10 10:11 AM, Sunjeet Singh wrote:
>>> Does any one have a Click or other software frontend implementation that
>>> splits traffic to different nodes (and not cores)?
>>> Thank you,
>>> Sunjeet Singh
>>> Bro mailing list
>>> bro at bro-ids.org
More information about the Bro