Snort mailing list archives
Re: IDS Load Balancer
From: Jeff Coppock <jcoppock1 () comcast net>
Date: Tue, 28 Feb 2006 21:38:15 -0800
barryab63-ia () yahoo com wrote:
Load balancing IDS's has a lot of gotcha's that you have to look out for.Sourcefire has an IDS that is rated for GIGE, up to 4 GIG. I'd definately try to find a solution that didn't include load balancing. No matter how you do it, you'll end up giving up something. Barry----- Original Message ---- From: Angel R <a_ti_92 () yahoo com> To: snort-users () lists sourceforge net Sent: Sunday, February 26, 2006 9:35:03 PM Subject: [Snort-users] IDS Load Balancer Dear All,I'm going to start a project to implement an end to end IDS solution in a data center. My problem is that high traffic rate in the data center leads me to use an load balancer to balance the traffic to multiple Snort servers. I'll be thankful if you help me to find a proper [including commercial] solution.Thanks all
Take a look at the Nortel Application Switch. It has a specific mode for load balancing IDS servers. This mode makes sure that all the packets for a client/server session get sent to the same IDS server in the farm. That's the key, keeping the sessions together.
You can also have multple IDS Server groups and you can filter such that traffic for specific applications get sent to a particular IDS Server group.
jc -- Jeff Coppock Systems Engineer Diggin' Debian Admin and User ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- IDS Load Balancer Angel R (Feb 26)
- Re: IDS Load Balancer barryab63-ia (Feb 27)
- Re: IDS Load Balancer Jeff Coppock (Feb 28)
- <Possible follow-ups>
- RE: IDS Load Balancer Briggs, Bruce (Feb 26)
- RE: IDS Load Balancer Angel R (Feb 26)
- Re: IDS Load Balancer Gulfie (Feb 27)
- RE: IDS Load Balancer Angel R (Feb 26)
- RE: IDS Load Balancer Richard Bejtlich (Feb 27)
- Re: IDS Load Balancer barryab63-ia (Feb 27)