Hi Alfredo
Is the a way to distribute the load depending on the packets types which i am receiving to different instances of snort IPS.
Regards
Madhu
________________________________
From: ntop-misc-bounces@listgateway.unipi.it <ntop-misc-bounces@listgateway.unipi.it> on behalf of Madhu R <maddyy123@live.in>
Sent: Tuesday, February 9, 2016 9:20 AM
To: ntop-misc@listgateway.unipi.it
Subject: Re: [Ntop-misc] Zbalance_ipc as a Load balance for snort
Hi Alfredo
Is the a way to distribute the load depending on the packets which i am receiving to different instances of snort IPS.
________________________________
From: ntop-misc-bounces@listgateway.unipi.it <ntop-misc-bounces@listgateway.unipi.it> on behalf of Alfredo Cardigliano <cardigliano@ntop.org>
Sent: Monday, February 8, 2016 9:20 PM
To: ntop-misc@listgateway.unipi.it
Subject: Re: [Ntop-misc] Zbalance_ipc as a Load balance for snort
Hi Madhu
pfring-daq-module-zc requires some extensions in order to support IPS mode in combination with zbalance_ipc,
at the moment it is not able to attach to zbalance_ipc and recv/forward traffic from/to queues in IPS mode.
Alfredo
On 08 Feb 2016, at 13:07, Madhu R <maddyy123@live.in<mailto:maddyy123@live.in>> wrote:
Hi Alfredo
I have a requirement like
assume that there are 4 instances of snort IPS running with different rules on different cores,
now i have distribute packets across multiple instances of snort on the type of packet which i receive at load balancer . I tried to implement this scenario with the zbalance_ipc for the packet distribution (at last i came to know that its not possible to do it with zbalance_ipc). In earlier mail as you suggested to use RSS for distribution load across multiple instances of snort,But I want to distribute the load depending on type of packet. Is there a way to do it using the PF_RING.
Reards
Madhu
________________________________
From: ntop-misc-bounces@listgateway.unipi.it<mailto:ntop-misc-bounces@listgateway.unipi.it> <ntop-misc-bounces@listgateway.unipi.it<mailto:ntop-misc-bounces@listgateway.unipi.it>> on behalf of Alfredo Cardigliano <cardigliano@ntop.org<mailto:cardigliano@ntop.org>>
Sent: Monday, February 8, 2016 2:15 PM
To: ntop-misc@listgateway.unipi.it<mailto:ntop-misc@listgateway.unipi.it>
Subject: Re: [Ntop-misc] Zbalance_ipc as a Load balance for snort
Hi Madhu
please use RSS for distributing the load in IPS mode as described here:
https://github.com/ntop/PF_RING/blob/dev/userland/snort/pfring-daq-module-zc/README.1st [
https://avatars2.githubusercontent.com/u/12014789?v=3&s=400]<
https://github.com/ntop/PF_RING/blob/dev/userland/snort/pfring-daq-module-zc/README.1st>
ntop/PF_RING<
https://github.com/ntop/PF_RING/blob/dev/userland/snort/pfring-daq-module-zc/README.1st>
github.com<
http://github.com/>
PF_RING - High-speed packet processing framework
zbalance_ipc is not supported in the pfring-daq-module-zc at the moment.
Alfredo
On 08 Feb 2016, at 06:51, Madhu R <maddyy123@live.in<mailto:maddyy123@live.in>> wrote:
Hi,
can i use the zbalance_ipc as a load balancer application to distribute the load across different instances of snort IPS .
Regrads,
Madhu
_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it<mailto:Ntop-misc@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it<mailto:Ntop-misc@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
