[Bro] cluster question
erik clark
philosnef at gmail.com
Fri Oct 7 05:02:19 PDT 2016
I noticed the previous gentleman running 160 workers (I assume 16 boxes
with 10 workers each??) in a cluster, and had a general question about this.
If I am pumping out well above 5Gb/s, doesn't that mean running in a cluser
that I am pushing 5 right back out the other side? If so, this doesn't seem
to scale well beyond 5ish Gb/s.
At what point, and how many pps, should we move away from a single manager
host talking to cluster hosts? Even if there is no processing by bro on the
manager, you still have bandwidth issues, unless you are loading up your
bro manager with multiple 10 gig nics, and are loadbalancing upstream, in
which case, why aren't you just load balancing to stand alone boxes each
with their own manager, logger, and set of workers?
It seems to me that running multiple physical bro hosts tied to a single
manager is the poor mans solution to running proper load balancing hardware
upstream. Am I mistaken?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161007/df48867d/attachment-0001.html
More information about the Bro
mailing list