Good morning,

I'm writing to ask for collaboration in finding an improvement to a particular process.

Today: To get traffic for our IDS sensors and a billing system, we collect everything at our core switches (2) by connecting a SPAN port from each switch to a server (so, 2 interfaces collecting traffic). That server changes the destination MAC address on all traffic to that of another server running iproute and sends it out a third interface. The server running iproute collects the traffic on one interface, and sends traffic to different sub interfaces depending on the network; a switch connected to the outgoing traffic allows connection of the IDS sensors, billing system, etc.

The challenge:

I'd like to be able to do one of the following:

1. Just run iproute, having it take the traffic from the SPAN ports and policy route without having to have the first server change destination MAC addresses.
   a. Can iproute do policy routing on traffic not destined for it in the first place (i.e. by having the interfaces in promiscuous mode)?
   b. If not, then does iproute contain functionality that would allow it to sense all traffic and change the destination MAC address or IP address?
2. Have EBTables and iproute running on the same box if #1 above isn't possible.
   a. Can we do this without having to have more interfaces in the box, connected to each other with crossover cables?

Thanks in advance for offering feedback or suggestions regarding what we hope to do.

Ron
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc