[Bro] Arista Traffic Shunting
Aashish Sharma
asharma at lbl.gov
Mon Jul 31 10:20:40 PDT 2017
(While Justin and others chime in)

We are relying on https://github.com/esnet/dumbno (this one has IPv6 support). Originally we started with Justin's branch here: https://github.com/ncsa/dumbno

On the Bro side there is a conn-bulk.bro and the react framework here: https://github.com/JustinAzoff/bro-react

This ties Bro with dumbno.py, which talks with Arista to apply and remove ACLs.

If you need specific Arista configurations, I can send you our Arista configs too.

Aashish
On Mon, Jul 31, 2017 at 04:40:52PM +0000, Logan Miller wrote:
> Hello everyone,
>
> We have a Bro cluster set up and running, but we are getting a lot of packet loss from elephant flows. We've seen that a lot of people use an Arista switch to block these flows, but we haven't seen how to interface with Arista from Bro. How do people do traffic shunting using Arista?
>
> These are the sources where we've seen people shunting traffic with Arista:
> http://www.cspi.com/wp-content/uploads/2016/09/Berkeley-100GIntrusionDetection.pdf
> http://mailman.icsi.berkeley.edu/pipermail/bro/2015-January/008038.html
> http://www.ucop.edu/information-technology-services/initiatives/sautter-award-program/sautter-2015/berkeley_lab-sautterawardnomination2015.pdf
>
> Thanks,
>
> Logan Miller
> Network Security Engineer
> Brigham Young University
> Office of IT