[LARTC] EBTables, iproute, etc.

Braley, Ron ron.braley at berbee.com
Thu Apr 20 18:18:32 CEST 2006


Good morning,

I'm writing to ask for collaboration in finding an improvement to a
particular process.

Today:  To get traffic for our IDS sensors and a billing system, we
collect everything at our core switches (2) by connecting a SPAN port
from each switch to a server (so, 2 interfaces collecting traffic).
That server changes the destination MAC address on all traffic to that
of another server running iproute and sends it out a third interface.
The server running iproute collects the traffic on one interface, and
sends traffic to different sub-interfaces depending on the network; a
switch connected to the outgoing traffic allows connection of the IDS
sensors, billing system, etc.

The challenge:  I'd like to be able to do one of the following:

1.  Just run iproute, having it take the traffic from the SPAN ports and
policy route without having to have the first server change destination
MAC addresses.
    a.  Can iproute do policy routing on traffic not destined for it in
the first place (i.e. by having the interfaces in promiscuous mode)?
    b.  If not, then does iproute contain functionality that would allow
it to sense all traffic and change the destination MAC address or IP
address?

2.  Have EBTables and iproute running on the same box if #1 above isn't
possible.
    a.  Can we do this without having to have more interfaces in the
box, connected to each other with crossover cables?

Thanks in advance for offering feedback or suggestions regarding what we
hope to do.

Ron
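The two-box setup the post describes under "Today", written out as an added example (this is not Ron's configuration and not part of the original message): box A bridges the two SPAN feeds to a third NIC and uses ebtables to rewrite every frame's destination MAC to box B's address, and box B accepts those frames and policy-routes them by source network into per-network VLAN sub-interfaces. All interface names, MAC addresses, networks, table numbers and next-hop addresses are assumptions.

```shell
#!/bin/sh
# Added example reproducing the SPAN -> MAC rewrite -> policy routing
# chain from the post. Every name, address and number is an assumption.
# DRY_RUN=1 (the default) prints the commands instead of running them;
# DRY_RUN=0 executes them and needs root plus bridge-utils/ebtables/iproute2.
set -eu
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# ---- Box A: SPAN feeds on eth1/eth2, rewritten copies leave on eth3 ----
IPROUTE_MAC="00:11:22:33:44:55"   # assumed MAC of box B's ingress NIC

span_collector_rules() {
    run brctl addbr br0
    for ifc in eth1 eth2 eth3; do run brctl addif br0 "$ifc"; done
    for ifc in eth1 eth2; do
        # Mirrored frames are not addressed to this host; the bridge nat
        # PREROUTING hook rewrites the dst MAC so box B's NIC accepts them,
        # then the bridge forwards them out eth3 as usual.
        run ebtables -t nat -A PREROUTING -i "$ifc" \
            -j dnat --to-destination "$IPROUTE_MAC" --dnat-target ACCEPT
    done
    run ip link set br0 up
}

# ---- Box B: frames arrive on eth0, leave on a VLAN sub-interface ----
# network:table:sub-interface:next-hop. The next hop is the sensor or
# collector address on that VLAN, so the kernel resolves that MAC rather
# than ARPing for the packet's real (unreachable) destination.
NET_TABLE="10.1.0.0/16:101:eth1.101:192.0.2.1
10.2.0.0/16:102:eth1.102:192.0.2.5"

policy_route_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    # Reverse-path filtering would drop packets whose source network is
    # not routed via eth0, which is true of all mirrored traffic here.
    run sysctl -w net.ipv4.conf.eth0.rp_filter=0
    printf '%s\n' "$NET_TABLE" | while IFS=: read -r net tbl subif gw; do
        run ip rule add from "$net" iif eth0 table "$tbl"
        run ip route add default via "$gw" dev "$subif" table "$tbl"
    done
}

span_collector_rules
policy_route_rules
```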