[Bro] PF_PACKET load balancing
Seth Hall
seth at icir.org
Fri Jun 26 08:01:39 PDT 2015
> On Jun 26, 2015, at 4:04 AM, Albert Zaharovits <albert.zaharovits at gmail.com> wrote:
>
> You compile them (the IDS) with the latest version of pcap, and use pcap filters to achieve load balancing.
I’ve actually implemented BPF filters for load balancing before and it’s not good. You end up having to implement the modulus operator in BPF (yes, it’s possible) but then that expensive filter ends up being executed for each separate process. A user tested it on a large network and the result was bad.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150626/e2072061/attachment.bin
More information about the Bro
mailing list