Dear ntop people,
I use nprobe to aggregate ip packets to IPFIX flows (and then analyze
them on another machine). Because I also aggregate http fields I had to
use multiple nprobe instances to keep up with high throughput rates.
Until now I used zbalance_ipc -m 1 to distribute packets according to
their IP hash to the single nprobe instances.
The problem is that now I need to do kernel routing on the incoming
device, and thus can not use zero copy (or zbalance_ipc) anymore because
that makes the device invisible to the kernel.
The question is:
-Is there another way to distribute the incoming traffic to multiple
nprobe instances (as with IP hashing)?
-Is there a way that I can filter packets in nprobe, so that they are
distributed more or less equally among multiple nprobe instances (again,
same IP should go to same instance)?
Thanks for any hints!
regards
Felix
I use nprobe to aggregate ip packets to IPFIX flows (and then analyze
them on another machine). Because I also aggregate http fields I had to
use multiple nprobe instances to keep up with high throughput rates.
Until now I used zbalance_ipc -m 1 to distribute packets according to
their IP hash to the single nprobe instances.
The problem is that now I need to do kernel routing on the incoming
device, and thus can not use zero copy (or zbalance_ipc) anymore because
that makes the device invisible to the kernel.
The question is:
-Is there another way to distribute the incoming traffic to multiple
nprobe instances (as with IP hashing)?
-Is there a way that I can filter packets in nprobe, so that they are
distributed more or less equally among multiple nprobe instances (again,
same IP should go to same instance)?
Thanks for any hints!
regards
Felix