From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: Redirect mirrored traffic to userspace app. [RESOLVED]
Date: Thu, 21 Oct 2010 13:11:25 -0500
Message-ID: <4CC0824D.6030403@riverviewtech.net>
In-Reply-To: <AANLkTi=s9LAzk909QAjvhQKUVrn5bC+tgK6n2cfjyvY2@mail.gmail.com>
On 10/21/10 12:56, Mateus Caruccio wrote:
> As I said, I do not have access/permission to run anything in our
> production servers (our admins are a "little" paranoid :) Also, since
> port mirror is mirroring only those specific proto:port packets, I
> don't think that would cause any performance penalty.
(I've not used SPAN / port mirroring in a long time.) Does the SPAN
truly mirror select protocols (UDP) to a given port (2077)? Or does
SPAN mirror all traffic to the switch port?
*chuckle*
I've been on both sides of the paranoia. Usually it's warranted for
security / stability. (Usually)
> Anyway, this is not as beautiful as it could be, but works for our needs.
> Again, thanks for support. I will keep looking for a more
> straight/clean solution.
Honestly, I don't think this solution is that unclean, at least from a
host point of view. The only dirty part of this I see is the fact that
you have an IP / MAC duplication on the network. However, said
duplication is isolated by a SPAN configuration in a switch. So, it's
not really bad, just something to be mindful of.
I don't know how temporary your dev server is, but I've had 5+ year old
temp installs break when the prod server was replaced, thus changing the
MAC address. Just something else to be mindful of.
> I'm not a protocol/kernel specialist, so this is a good challenge.
Challenges can be fun and frustrating.
Grant. . . .