[Bro] Arista Traffic Shunting

Aashish Sharma asharma at lbl.gov
Mon Jul 31 10:20:40 PDT 2017


(While Justin and others chime in)

We are relying on:

https://github.com/esnet/dumbno (this one has IPv6 support). Originally
we started with Justin's branch here: https://github.com/ncsa/dumbno

On the Bro side there is a conn-bulk.bro and the react framework here:
https://github.com/JustinAzoff/bro-react

This ties Bro with dumbno.py, which talks with the Arista to apply and remove
ACLs.

If you need specific Arista configurations, I can send you our Arista configs
too.

Aashish 




On Mon, Jul 31, 2017 at 04:40:52PM +0000, Logan Miller wrote:
> Hello everyone,
> 
> We have a Bro cluster set up and running, but we are getting a lot of packet loss from elephant flows. We've seen that a lot of people use an Arista switch to block these flows, but we haven't seen how to interface with Arista from Bro. How do people do traffic shunting using Arista?
> 
> These are the sources where we've seen people shunting traffic with Arista:
> http://www.cspi.com/wp-content/uploads/2016/09/Berkeley-100GIntrusionDetection.pdf
> http://mailman.icsi.berkeley.edu/pipermail/bro/2015-January/008038.html
> http://www.ucop.edu/information-technology-services/initiatives/sautter-award-program/sautter-2015/berkeley_lab-sautterawardnomination2015.pdf
> 
> Thanks,
> 
> Logan Miller
> Network Security Engineer
> Brigham Young University
> Office of IT
