[Bro] Deploying Bro Cluster using Docker container technology

Laaziz Lahlou laaziz.lahlou at etu.parisdescartes.fr
Mon Aug 24 19:05:08 PDT 2015


Hi guys,


I'm trying to deploy Bro Cluster using Docker container technology for my master's research project on Network Function Virtualization.


The objective is to use pf_send and replay a pcap file obtained from http://download.netresec.com/pcap/smia-2011/SMIA_2011-10-12_07%253A41%253A40_CEST_606532000_file2.pcap.<http://download.netresec.com/pcap/smia-2011/SMIA_2011-10-12_07%253A41%253A40_CEST_606532000_file2.pcap>

I configured PF_RING and created 5 containers as workers.


I guess here I'm violating what is cited in : https://www.bro.org/sphinx/cluster/index.html

The PF_RING software for Linux has a "clustering" feature which will do flow-based load balancing across a number of processes that are sniffing the same interface". What I mean here is each container has it's own interface and the workers are not listening on the same interface,so am I right or should I deploy the whole Bro Cluster just on one container ? I will appreciate any comment and guidance.


Best regards.

Aziz

MSc Sécurité, Réseaux et e-Santé
Université Paris Descartes


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150825/ae4b9ded/attachment.html 


More information about the Bro mailing list