[Bro] Bro Cluster on the Bivio Platform
Joel Ebrahimi
jebrahimi at bivio.net
Thu Nov 11 10:12:25 PST 2010
I recently built and tested Bro Cluster for the Bivio Platform for some
of our customers and wanted to share the information.
The cluster version of Bro is a very native fit for the Bivio
architecture. The internals of the Bivio platform on a single Bivio 7562
can be thought of as a load balancer and 12 separate Linux systems (this
can scale to 48 systems in a single logical unit). The Linux systems
have their own communication plane within the Bivio system that is
separate from the packet acquisition path and can use this to talk to
the workers, proxies, and the manager. The shared file system also
allows for easy setup. Below are the steps I used to set up the system
and Bro Cluster. I also attached my node.cfg for a Bivio 7562; this file
can be edited so that it reflects the number of CPU cores that will be
running systems for Bro.
Installation
--------------------------
1. Unzip Bro
    tar -zxvf bro-1.5-release.tar.gz
2. Change into the Bro directory
    cd bro-1.5.1/
3. Configure Bro with desired options
    ./configure --disable-select-loop --enable-cluster
4. Build Bro
    make
5. Install Bro with Broctl
    make install-broctl
System Configuration
---------------------------
1. Turn off strict key checking to avoid key prompts when logging into
Bro worker CPUs
    vi /etc/ssh/ssh_config
add
    StrictHostKeyChecking no
2. Generate public/private key
    ssh-keygen -t rsa -f /root/.ssh/id_rsa
hit return twice for a blank passphrase
3. Add it to the authorized keys
    cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys2
4. Set up your manager, proxy, and worker nodes in your node.cfg
configuration file
# $Id: node.cfg,v 1.1 2010/11/05 19:49:46 jebrahimi Exp $
#
# Node configuration
#
[manager]
type=manager
host=CPU-X
[proxy-1]
type=proxy
host=CPU-X
[worker-1]
type=worker
host=CPU-1c0
interface=default
[worker-2]
type=worker
host=CPU-1c1
interface=default
[worker-3]
type=worker
host=CPU-2c0
interface=default
[worker-4]
type=worker
host=CPU-2c1
interface=default
[worker-5]
type=worker
host=CPU-3c0
interface=default
[worker-6]
type=worker
host=CPU-3c1
interface=default
[worker-7]
type=worker
host=CPU-4c0
interface=default
[worker-8]
type=worker
host=CPU-4c1
interface=default
[worker-9]
type=worker
host=CPU-5c0
interface=default
[worker-10]
type=worker
host=CPU-5c1
interface=default
[worker-11]
type=worker
host=CPU-6c0
interface=default
[worker-12]
type=worker
host=CPU-6c1
interface=default
5. Edit your networks.cfg and broctl.cfg in /usr/local/bro/etc/
6. You will need to add the Bro binaries to your PATH
    export PATH="$PATH:/usr/local/bro/bin"
7. Install workers and proxies
    broctl install
Running Bro
-----------------
1. Since we are running Bro through the cluster shell
and not Bivio's nrsp we will need to force on load sharing to the APC
CPUs
    nrsp loadshare all on
2. Add the crontab entry for some required Bro tasks, enter cron
    crontab -e
then add
    0-59/5 * * * * /usr/local/bro/bin/broctl cron
3. Start Bro
    broctl start
// Joel
Joel Ebrahimi
Solutions Architect
Bivio Networks Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: node.cfg
Type: application/octet-stream
Size: 892 bytes
Desc: node.cfg
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20101111/e497526a/attachment.obj
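
The post notes that node.cfg can be edited to match the number of CPU cores running Bro. The following Python script is an added example, not part of the original post or its attachment: it generates a node.cfg in the layout shown above and checks it for hand-editing mistakes. The function names are hypothetical, and it assumes larger units continue the CPU-<n>c<core> host naming.

```python
import configparser


def build_node_cfg(cpus=6, cores_per_cpu=2, control_host="CPU-X"):
    """Return node.cfg text: one manager, one proxy, one worker per core.

    Assumption: worker hosts are named CPU-<cpu>c<core>, as in the post's
    12-worker file (CPU-1c0 .. CPU-6c1), and larger units keep the pattern.
    """
    if cpus < 1 or cores_per_cpu < 1:
        raise ValueError("need at least one CPU and one core")
    lines = ["[manager]", "type=manager", f"host={control_host}",
             "[proxy-1]", "type=proxy", f"host={control_host}"]
    hosts = [f"CPU-{cpu}c{core}" for cpu in range(1, cpus + 1)
             for core in range(cores_per_cpu)]
    for n, host in enumerate(hosts, start=1):
        lines += [f"[worker-{n}]", "type=worker", f"host={host}",
                  "interface=default"]
    return "\n".join(lines) + "\n"


def check_node_cfg(text):
    """Parse node.cfg text; return (worker_count, list_of_problems)."""
    cp = configparser.ConfigParser()
    cp.read_string(text)  # strict mode: duplicate sections raise an error
    problems, seen = [], {}
    types = [cp.get(s, "type", fallback="") for s in cp.sections()]
    if types.count("manager") != 1:
        problems.append("expected exactly one manager")
    if types.count("proxy") < 1:
        problems.append("expected at least one proxy")
    for s in cp.sections():
        if cp.get(s, "type", fallback="") != "worker":
            continue
        host = cp.get(s, "host", fallback="")
        if not host:
            problems.append(f"{s}: no host")
        elif host in seen:
            # In this layout each worker sits on its own core host.
            problems.append(f"{s}: host {host} already used by {seen[host]}")
        else:
            seen[host] = s
        if not cp.get(s, "interface", fallback=""):
            problems.append(f"{s}: no interface")
    return types.count("worker"), problems


if __name__ == "__main__":
    print(build_node_cfg(), end="")
```

Running the script prints the 12-worker file for a 7562; pass the text of an edited file to check_node_cfg before running broctl install.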