<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2838" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=704510616-20042006><FONT face=Arial size=2>Good
morning,</FONT></SPAN></DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial size=2>I'm writing to ask
for collaboration in finding an improvement to a particular
process.</FONT></SPAN></DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial size=2>Today: To get
traffic for our IDS sensors and a billing system, we collect
everything at our core switches (2) by connecting a SPAN port from each
switch to a server (so, 2 interfaces collecting traffic). That server
changes the destination MAC address on all traffic to that of another server
running iproute and sends it out a third interface. The server running
iproute collects the traffic on one interface, and sends traffic to different
subinterfaces depending on the network; a switch connected to the outgoing
traffic allows connection of the IDS sensors, billing system, etc.
</FONT></SPAN></DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial size=2>The challenge:
I'd like to be able to do one of the following:</FONT></SPAN></DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial size=2>1. Just run
iproute, having it take the traffic from the SPAN ports and policy route without
having to have the first server change destination MAC
addresses.</FONT></SPAN></DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial size=2>
a. Can iproute do policy routing on traffic not destined for it in the
first place (i.e. by having the interfaces in promiscuous
mode)?</FONT></SPAN></DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial size=2>
b. If not, then does iproute contain functionality that would allow it to
sense all traffic and change the destination MAC address or IP
address?</FONT></SPAN></DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial size=2>2. Have
ebtables and iproute running on the same box if #1 above isn't
possible.</FONT></SPAN></DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial size=2>
a. Can we do this without having to have more interfaces in the box,
connected to each other with crossover cables?</FONT></SPAN></DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial size=2>Thanks in advance
for offering feedback or suggestions regarding what we hope to
do.</FONT></SPAN></DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=704510616-20042006><FONT face=Arial
size=2>Ron</FONT></SPAN></DIV></BODY></HTML>