[Bro] Quick load balancing question
James Lay
jlay at slave-tothe-box.net
Mon Oct 3 08:24:42 PDT 2016
So here's an instance of bro via command line with two nic's:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 2278 0.0 0.0 66264 1468 ? S Sep20 0:00 \_
sudo /usr/local/bro/bin/bro --no-checksums -i eth0 -i ppp0 --filter not
ip6 local Site::local_nets += { 192.168.1.0/24 }
root 2280 22.2 4.0 1484900 247056 ? Sl Sep20 4208:33
\_ /usr/local/bro/bin/bro --no-checksums -i eth0 -i ppp0 --filter not
ip6 local Site::local_nets += { 192.168.1.0/24 }
An instance of bro using broctl standalone, just one nic:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 7479 0.0 0.1 12572 2896 ? S 09:18 0:00
/bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth0 -U .status -p
broctl -p broctl-live -p standalone -p local -p bro local.bro broctl
broctl/standalone broctl/auto --no-checksums --filter not ip6
root 7485 25.9 2.8 523644 57328 ? Rl 09:18 0:11
/opt/bro/bin/bro -i eth0 -U .status -p broctl -p broctl-live -p
standalone -p local -p bro local.bro broctl broctl/standalone
broctl/auto --no-checksums --filter not ip6
root 7543 0.0 2.1 162880 42560 ? SN 09:18 0:00
/opt/bro/bin/bro -i eth0 -U .status -p broctl -p broctl-live -p
standalone -p local -p bro local.bro broctl broctl/standalone
broctl/auto --no-checksums --filter not ip6
Lastly an instance using pf_ring load balancing, just one one nic:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 4072 0.0 0.0 12572 528 ? S Oct02 0:00
/bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -U .status -p broctl
-p broctl-live -p local -p logger local.bro broctl
base/frameworks/cluster broctl/auto --no-checksums --filter not ipv6
root 4078 2.6 0.1 1365652 4040 ? Sl Oct02 41:53 \_
/opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p logger
local.bro broctl base/frameworks/cluster broctl/auto --no-checksums
--filter not ipv6
root 4079 0.0 0.0 118428 832 ? SN Oct02 0:09 \_
/opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p logger
local.bro broctl base/frameworks/cluster broctl/auto --no-checksums
--filter not ipv6
root 4121 0.0 0.0 12572 524 ? S Oct02 0:00
/bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -U .status -p broctl
-p broctl-live -p local -p manager local.bro broctl
base/frameworks/cluster local-manager.bro broctl/auto --no-checksums
--filter not ipv6
root 4127 3.7 0.4 119316 13592 ? S Oct02 58:03 \_
/opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p manager
local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto
--no-checksums --filter not ipv6
root 4128 0.0 0.0 118796 680 ? SN Oct02 0:07 \_
/opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p manager
local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto
--no-checksums --filter not ipv6
root 4161 0.0 0.0 12572 528 ? S Oct02 0:00
/bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -U .status -p broctl
-p broctl-live -p local -p proxy-1 local.bro broctl
base/frameworks/cluster local-proxy broctl/auto --no-checksums --filter
not ipv6
root 4167 3.7 0.2 111780 6344 ? S Oct02 58:13 \_
/opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p proxy-1
local.bro broctl base/frameworks/cluster local-proxy broctl/auto
--no-checksums --filter not ipv6
root 4186 0.0 0.0 118436 492 ? SN Oct02 0:07 \_
/opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p proxy-1
local.bro broctl base/frameworks/cluster local-proxy broctl/auto
--no-checksums --filter not ipv6
root 4225 0.0 0.0 12576 528 ? S Oct02 0:00
/bin/bash /opt/bro/share/broctl/scripts/run-bro 1 -i eth0 -U .status -p
broctl -p broctl-live -p local -p worker-1-2 local.bro broctl
base/frameworks/cluster local-worker.bro broctl/auto --no-checksums
--filter not ipv6
root 4239 17.8 11.8 540792 361052 ? S Oct02 278:21 \_
/opt/bro/bin/bro -i eth0 -U .status -p broctl -p broctl-live -p local -p
worker-1-2 local.bro broctl base/frameworks/cluster local-worker.bro
broctl/auto --no-checksums --filter not ipv6
root 4245 0.0 8.6 380428 264796 ? SN Oct02 0:08 \_
/opt/bro/bin/bro -i eth0 -U .status -p broctl -p broctl-live -p local -p
worker-1-2 local.bro broctl base/frameworks/cluster local-worker.bro
broctl/auto --no-checksums --filter not ipv6
root 4230 0.0 0.0 12576 528 ? S Oct02 0:00
/bin/bash /opt/bro/share/broctl/scripts/run-bro 0 -i eth0 -U .status -p
broctl -p broctl-live -p local -p worker-1-1 local.bro broctl
base/frameworks/cluster local-worker.bro broctl/auto --no-checksums
--filter not ipv6
root 4242 21.0 11.8 537128 362680 ? S Oct02 327:41 \_
/opt/bro/bin/bro -i eth0 -U .status -p broctl -p broctl-live -p local -p
worker-1-1 local.bro broctl base/frameworks/cluster local-worker.bro
broctl/auto --no-checksums --filter not ipv6
root 4248 0.0 8.6 380436 264768 ? SN Oct02 0:08 \_
/opt/bro/bin/bro -i eth0 -U .status -p broctl -p broctl-live -p local -p
worker-1-1 local.bro broctl base/frameworks/cluster local-worker.bro
broctl/auto --no-checksums --filter not ipv6
for the pf_ring I have the below:
[worker-1]
type=worker
host=localhost
interface=eth0
lb_method=pf_ring
lb_procs=2
pin_cpus=0,1
So my question is twofold,...does each pinned cpu get a process, and, is
there a way to get load balancing using just standalone, without needing
the logger, worker, and proxy processes? Thank you.
James
More information about the Bro
mailing list