[Bro] FTP with PF_RING

duhang darkheaven1983 at gmail.com
Fri Jul 7 23:07:05 PDT 2017


I'm using PF_RING as the LB for bro. 4-tuple worked pretty well for me until
I started working with the FTP protocol. I found that the command channel and
data channel are balanced to different bro workers, which causes the ftp data
not to be handled properly. It can be resolved by using 2-tuple as the pfring
cluster type. However, using 2-tuple causes the load across workers to be
uneven, especially when one IP has a peak time to the same dest ip. Is there
a better solution to cope with this? Thanks.
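
Added example, not part of the original post: a small Python model of the trade-off described above, showing an FTP control and data connection landing on different workers under a 4-tuple hash, and one busy IP pair overloading a single worker under a 2-tuple hash. The additive hash, the worker count of 8 and all addresses and ports are assumptions chosen for readability; this is not PF_RING's actual hash function.

```python
import ipaddress
from collections import Counter

WORKERS = 8  # assumed number of Bro workers in the cluster


def _ip(addr):
    return int(ipaddress.ip_address(addr))


def worker_2tuple(src, sport, dst, dport, n=WORKERS):
    """Stand-in hash on the IP pair only; ports are ignored."""
    return (_ip(src) + _ip(dst)) % n


def worker_4tuple(src, sport, dst, dport, n=WORKERS):
    """Stand-in hash on the IP pair plus both ports (symmetric by addition)."""
    return (_ip(src) + _ip(dst) + sport + dport) % n


# Constructed passive-mode FTP session: control and data are separate
# TCP connections between the same two hosts, on unrelated ports.
FTP_CONTROL = ("10.0.0.5", 50000, "192.0.2.10", 21)
FTP_DATA = ("10.0.0.5", 50001, "192.0.2.10", 30000)


def constructed_flows():
    """One busy client (800 connections) plus 8 quiet clients (25 each)."""
    flows = [("10.0.0.5", 40000 + i, "192.0.2.10", 80) for i in range(800)]
    for k in range(8):
        flows += [(f"10.0.1.{k}", 40000 + i, "192.0.2.10", 80) for i in range(25)]
    return flows


def load(hash_fn, flows):
    """Connections per worker under the given hash."""
    return Counter(hash_fn(*f) for f in flows)


if __name__ == "__main__":
    for name, fn in (("2-tuple", worker_2tuple), ("4-tuple", worker_4tuple)):
        print(name, "control ->", fn(*FTP_CONTROL), "data ->", fn(*FTP_DATA))
        print(name, "busiest worker:", max(load(fn, constructed_flows()).values()))
```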