[Bro] Software frontend

Tyler T. Schoenke Tyler.Schoenke at colorado.edu
Tue Dec 7 12:34:54 PST 2010


> Even if this does forward the packet to the eth1 interface (sending out
> of eth1 I assume), we haven't done the part where the packet goes from
> the interface to the right worker machine (which is done by rewriting
> the MAC address on the packet I suppose).
>
I had written a config to do that, but never tested it.  Here are the 
basics.

AddressInfo(mymac 10.0.0.1/8 1:1:1:1:1:1);
AddressInfo(worker1 10.0.0.2/8 2:2:2:2:2:2);
AddressInfo(worker2 10.0.0.3/8 3:3:3:3:3:3);

my_switch :: HashSwitch(26, 8);

FromDevice(eth1, PROMISC true, BURST 8 ) -> my_switch;
todevice1::ToDevice(eth2, ALLOW_NONEXISTENT true);
todevice2::ToDevice(eth3, ALLOW_NONEXISTENT true);


//example:  my_switch[0] -> EtherEncap(0x0800, 1:1:1:1:1:1, 2:2:2:2:2:2) 
-> Queue -> ToDevice(eth2, ALLOW_NONEXISTENT true);
my_switch[0] -> EtherEncap(0x0800, mymac, worker1) -> Queue -> todevice1;
my_switch[1] -> EtherEncap(0x0800, mymac, worker2) -> Queue -> todevice2;

or if you just want to bypass the MAC rewrite to test that traffic is 
being load balanced:

my_switch[0] -> Queue -> todevice1;

mymac would be the MAC of the interface receiving the traffic, worker1 
and worker2 need to be set to the MAC of the worker machines.  I was 
hoping this would take in the traffic, load-balance, rewrite the MAC and 
send it out to several interfaces.   I think this is where I was getting 
a kernel crash and didn't have time to upgrade the kernel.  I think it 
was on CentOS 5.3, and I saw patch references to the kernel error I was 
getting.

Tyler





More information about the Bro mailing list