[Bro] Software frontend

Tyler T. Schoenke Tyler.Schoenke at colorado.edu
Tue Dec 7 10:38:47 PST 2010 

You are correct, this only splits traffic across workers on the same 
machine.  I've investigated, but haven't had time to test splitting 
traffic across workers on different machines.  You should be able to 
tweak the linked config a little by removing the tapX lines and 
redirecting the my_switch outputs to the various physical interfaces.  
For example:

my_switch[0] ->  Queue ->  eth1;  #(repeat for eth2... ethX)

I haven't tried this, but it should work.  This software-based load 
balancing will only work for smallish amounts of traffic.  If you are 
trying to feed upwards of 1 Gbps, the user mode Click will probably 
choke.   I started to investigate using kernel mode Click with the 
RouteBricks code to improve performance, but got stuck at a kernel panic 
and didn't have time to pursue it further.   For that, you need a 
multi-core Nehalem server with Intel 10Gbps 82598EB cards.  The best 
solution is probably to buy a hardware load balancer like the cPacket 
cFlow device.  Currently, they have a 10Gbps version, but heard they are 
working on a 40Gbps version.  Other people have used Cisco routers, or 
other hardware load balancers.

It would be nice to find a low-cost and effective software-based load 
balancer, but I haven't seen anything yet.  Right now, I am using Click! 
and dropping a significant fraction of our traffic to cope with the 
limitations of running the software load balancer and workers on one 
multi-core mid-range server.

Tyler

On 12/7/10 11:09 AM, Sunjeet Singh wrote:
> Thanks Tyler. From my understanding, this would be used to split traffic
> across cores on the same worker machine.
>
> Can this be extended to get what I want- split traffic from the fronted
> (which will be running this Click daemon) to workers running on
> different machines?
>
> Thanks,
> Sunjeet
>
>
> On 10-12-07 10:05 AM, Tyler T. Schoenke wrote:
>> Is this what you are looking for?
>>
>> http://www.bro-ids.org/wiki/index.php/ClusterFrontendClickModularRouter
>>
>> Tyler
>>
>> -- 
>> Tyler Schoenke
>> Network Security Analyst
>> IT Security Office
>> University of Colorado - Boulder
>>
>>
>> On 12/7/10 10:11 AM, Sunjeet Singh wrote:
>>> Hi,
>>>
>>> Does any one have a Click or other software frontend implementation that
>>> splits traffic to different nodes (and not cores)?
>>>
>>> Thank you,
>>> Sunjeet Singh
>>>
>>>
>>> _______________________________________________
>>> Bro mailing list
>>> bro at bro-ids.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>

More information about the Bro mailing list