[Bro] Arista Traffic Shunting

James Eyrich eyrich at illinois.edu
Mon Jul 31 10:21:47 PDT 2017


https://github.com/ncsa/dumbno



On 7/31/2017 11:40 AM, Logan Miller wrote:
>
> Hello everyone,
>
>  
>
> We have a bro cluster setup and running but we are getting a lot of
> packet loss from elephant flows. We’ve seen that a lot of people use
> an Arista switch to block these flows but we haven’t seen how to
> interface with Arista from bro. How do people do traffic shunting
> using Arista?
>
>  
>
> These are the sources where we’ve seen people shunting traffic with
> Arista:
>
> http://www.cspi.com/wp-content/uploads/2016/09/Berkeley-100GIntrusionDetection.pdf
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.cspi.com_wp-2Dcontent_uploads_2016_09_Berkeley-2D100GIntrusionDetection.pdf&d=DwMFAg&c=8hUWFZcy2Z-Za5rBPlktOQ&r=EMuTWfOe2kiZaxGiCeQB7vFrzy158dayYRC-12nlU7E&m=nf6faqdbsWmnLXCTcrTcRnfEhieILrTt-1U5D_Z3Fn8&s=pEwPCWBziuTxbgYMRDSzZY5spLWvw13b5pPFE9spw7k&e=>
>
> http://mailman.icsi.berkeley.edu/pipermail/bro/2015-January/008038.html
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.icsi.berkeley.edu_pipermail_bro_2015-2DJanuary_008038.html&d=DwMFAg&c=8hUWFZcy2Z-Za5rBPlktOQ&r=EMuTWfOe2kiZaxGiCeQB7vFrzy158dayYRC-12nlU7E&m=nf6faqdbsWmnLXCTcrTcRnfEhieILrTt-1U5D_Z3Fn8&s=9QA0YRW2DqQYuc6bUCPiBefcaX1ZA4U-jWxhw2eQ_Vs&e=>
>
> http://www.ucop.edu/information-technology-services/initiatives/sautter-award-program/sautter-2015/berkeley_lab-sautterawardnomination2015.pdf
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ucop.edu_information-2Dtechnology-2Dservices_initiatives_sautter-2Daward-2Dprogram_sautter-2D2015_berkeley-5Flab-2Dsautterawardnomination2015.pdf&d=DwMFAg&c=8hUWFZcy2Z-Za5rBPlktOQ&r=EMuTWfOe2kiZaxGiCeQB7vFrzy158dayYRC-12nlU7E&m=nf6faqdbsWmnLXCTcrTcRnfEhieILrTt-1U5D_Z3Fn8&s=nEm9H8j8r6LUOstzBphNGfPodi_vojZnDn331Mcp_bM&e=>
>
>  
>
> Thanks,
>
>  
>
> Logan Miller
>
> Network Security Engineer
>
> Brigham Young University
>
> Office of IT
>
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

-- 
----------------------------------------
James Eyrich
Manager - Incident Response and Security
National Center for Supercomputer Applications
University of Illinois at Urbana-Champaign
eyrich at illinois.edu
217-265-6867

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170731/fc03e80a/attachment.html 


More information about the Bro mailing list