[Bro] Software frontend

Sunjeet Singh sstattla at gmail.com
Tue Dec 7 12:10:22 PST 2010


Thanks again, Tyler for your reply.

Right now, Software-based load balancing is my only option. And I'm not 
too worried about the 1Gbps performance. Why, you might ask, do I want 
to deploy a cluster in the first place? Here's why-

I am trying to implement the Bro cluster on an Amazon EC2 cloud- just 
for fun and in an effort to learn about cloud computing. I am interested 
in seeing what challenges arise from porting a cluster-based 
implementation to a cloud. I have the manager, proxy and worker set up. 
But I need a front-end to make use of more than one worker machines. So 
I'm not worried about the front-end bottleneck, I just want to get the 
architecture running.

Now, considering the Click implementation that you described-

> You are correct, this only splits traffic across workers on the same 
> machine.  I've investigated, but haven't had time to test splitting 
> traffic across workers on different machines.  You should be able to 
> tweak the linked config a little by removing the tapX lines and 
> redirecting the my_switch outputs to the various physical interfaces.  
> For example:
>
> my_switch[0] ->  Queue ->  eth1;  #(repeat for eth2... ethX)

Even if this does forward the packet to the eth1 interface (sending out 
of eth1 I assume), we haven't done the part where the packet goes from 
the interface to the right worker machine (which is done by rewriting 
the MAC address on the packet I suppose).

> It would be nice to find a low-cost and effective software-based load 
> balancer, but I haven't seen anything yet.  Right now, I am using 
> Click! and dropping a significant fraction of our traffic to cope with 
> the limitations of running the software load balancer and workers on 
> one multi-core mid-range server.
>

Thank you for sharing your experience. This helps a long way.

Sunjeet





More information about the Bro mailing list