ClusterFrontendClickModularRouter
From BroWiki
This is an example configuration for the Click! Modular Router. Click! is a software router. Currently, on a 1Gbps connection, it is using about 60% CPU on a quad Xeon E5520. It works well if you are evaluating Bro and cannot afford a full-sized hardware cluster. Click! can also be used to ignore some traffic if the cluster is getting overloaded.

In this example, we have a server with eight cores (dual quad cores): Click! runs on one core and Bro worker processes run on the other seven. A separate server runs the manager and two proxy processes. Because the workers only attach to seven interfaces (tap0 through tap6), the remaining network traffic (tap7 - tap11) is ignored and is never seen by Bro. This is of course not ideal, but it can be used to maintain cluster performance on less than adequate hardware.

Thanks to Justin Azoff for providing this template on the mailing list.
// Example bro-load-balance.click.12workers
tap0 :: KernelTap(192.168.99.1/32) -> Discard;
tap1 :: KernelTap(192.168.99.2/32) -> Discard;
tap2 :: KernelTap(192.168.99.3/32) -> Discard;
tap3 :: KernelTap(192.168.99.4/32) -> Discard;
tap4 :: KernelTap(192.168.99.5/32) -> Discard;
tap5 :: KernelTap(192.168.99.6/32) -> Discard;
tap6 :: KernelTap(192.168.99.7/32) -> Discard;
tap7 :: KernelTap(192.168.99.8/32) -> Discard;
tap8 :: KernelTap(192.168.99.9/32) -> Discard;
tap9 :: KernelTap(192.168.99.10/32) -> Discard;
tap10 :: KernelTap(192.168.99.11/32) -> Discard;
tap11 :: KernelTap(192.168.99.12/32) -> Discard;

// Grab source and destination IP and hash together. Source IP starts at byte offset 26
// of the captured Ethernet frame (14-byte Ethernet header plus 12 bytes into the IP
// header) and is four bytes; the destination follows as an additional four bytes.
my_switch :: HashSwitch(26, 8);

// eth1 is the name of the ethernet interface
// Example: FromDevice(eth1, PROMISC true, CAPTURE PCAP, BPF_FILTER "not (host xxx.xxx.xxx.xxx)" ) -> my_switch;
FromDevice(eth1, PROMISC true, CAPTURE PCAP ) -> my_switch;

my_switch[0] -> Queue -> tap0;
my_switch[1] -> Queue -> tap1;
my_switch[2] -> Queue -> tap2;
my_switch[3] -> Queue -> tap3;
my_switch[4] -> Queue -> tap4;
my_switch[5] -> Queue -> tap5;
my_switch[6] -> Queue -> tap6;
my_switch[7] -> Queue -> tap7;
my_switch[8] -> Queue -> tap8;
my_switch[9] -> Queue -> tap9;
my_switch[10] -> Queue -> tap10;
my_switch[11] -> Queue -> tap11;
The processes can be started by running:
click bro-load-balance.click.12workers &
Bro's $BROHOME/etc/node.cfg needs to be updated to point to the tap0 - tapX interfaces. Create a new worker entry for each interface you want to use. The number of worker entries should be equal to or less than the number of processor cores on the worker server.
Example node.cfg worker entry:
[worker-1]
type=worker
host=your_hostname_here
interface=tap0
# repeat above block for each worker node
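The following is an added example, not part of the original template or of Click! itself. It models HashSwitch(26, 8) from the configuration above to show that both directions of a connection land on the same tap, and how much traffic falls on tap7 - tap11 where no worker is attached. The byte-sum hash is an assumption about how HashSwitch selects its output; the function names (frame, hash_output, tap_for, is_monitored, coverage) are hypothetical and the addresses are constructed samples.

```python
import ipaddress
import struct

OFFSET, LENGTH = 26, 8   # HashSwitch(26, 8) from the Click configuration
N_OUTPUTS = 12           # my_switch[0] .. my_switch[11]
ATTACHED = range(7)      # tap0 .. tap6 have a Bro worker; tap7 .. tap11 do not

def frame(src, dst):
    """Constructed untagged Ethernet + IPv4 header, enough bytes for the hash."""
    eth = bytes(12) + b"\x08\x00"            # zeroed MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return eth + ip

def hash_output(pkt, n=N_OUTPUTS):
    """Assumed HashSwitch model: sum of the selected bytes, reduced to 0..n-1."""
    if len(pkt) < OFFSET + LENGTH:
        return 0                             # too short to hash: output 0
    d = sum(pkt[OFFSET:OFFSET + LENGTH])
    if n in (2, 4, 8):
        return (d ^ (d >> 4)) & (n - 1)
    return d % n

def tap_for(src, dst):
    """Index of the tap that receives packets sent from src to dst."""
    return hash_output(frame(src, dst))

def is_monitored(src, dst):
    """True when the selected tap is one a Bro worker is attached to."""
    return tap_for(src, dst) in ATTACHED

def coverage(pairs):
    """Fraction of (src, dst) pairs whose packets reach a tap with a worker."""
    return sum(is_monitored(s, d) for s, d in pairs) / len(pairs)

# Constructed sample: address pairs from the RFC 5737 documentation ranges.
SAMPLE_PAIRS = [(f"192.0.2.{i}", f"198.51.100.{j}")
                for i in range(1, 13) for j in range(1, 13)]

if __name__ == "__main__":
    a, b = "192.0.2.1", "198.51.100.4"
    print("forward ->", f"tap{tap_for(a, b)}", " reverse ->", f"tap{tap_for(b, a)}")
    print("monitored:", is_monitored(a, b))
    print(f"coverage over sample: {coverage(SAMPLE_PAIRS):.3f}")
```

Under this model a host pair is either always monitored or never monitored, so the ignored taps are a fixed blind spot for specific address pairs rather than a random sample of packets.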