[Bro] Arista Traffic Shunting

James Dickenson jdickenson at gmail.com
Mon Jul 31 10:13:27 PDT 2017


I would also be interested to see what an implementation of this looks
like.  From my very, very limited understanding, they are using
Arista's RESTful API.  In the Berkeley document they have the Arista
switch configs, and it includes 'management api http-commands'.
Unsure how on the Bro end they are determining which flows to
terminate and what logic controls that.

https://eos.arista.com/arista-eapi-101/

-James


On Mon, Jul 31, 2017 at 9:40 AM, Logan Miller <logan_miller at byu.edu> wrote:
> Hello everyone,
>
>
>
> We have a bro cluster set up and running but we are getting a lot of packet
> loss from elephant flows. We’ve seen that a lot of people use an Arista
> switch to block these flows but we haven’t seen how to interface with Arista
> from bro. How do people do traffic shunting using Arista?
>
>
>
> These are the sources where we’ve seen people shunting traffic with Arista:
>
> http://www.cspi.com/wp-content/uploads/2016/09/Berkeley-100GIntrusionDetection.pdf
>
> http://mailman.icsi.berkeley.edu/pipermail/bro/2015-January/008038.html
>
> http://www.ucop.edu/information-technology-services/initiatives/sautter-award-program/sautter-2015/berkeley_lab-sautterawardnomination2015.pdf
>
>
>
> Thanks,
>
>
>
> Logan Miller
>
> Network Security Engineer
>
> Brigham Young University
>
> Office of IT
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro


