Hi Felix you can use the standard pf_ring kernel clustering in nProbe adding the --cluster-id <id> option (you need to specify the same id for all nProbe instances in the group in order to distribute the traffic). You can use a bpf filter (--bpf-filter|-f <filter>) to filter traffic.
Regards Alfredo > On 7 Sep 2018, at 14:55, [email protected] wrote: > > Signed PGP part > Dear ntop people, > > I use nprobe to aggregate ip packets to IPFIX flows (and then analyze > them on another machine). Because I also aggregate http fields I had to > use multiple nprobe instances to keep up with high throughput rates. > Until now I used zbalance_ipc -m 1 to distribute packets according to > their IP hash to the single nprobe instances. > The problem is that now I need to do kernel routing on the incoming > device, and thus can not use zero copy (or zbalance_ipc) anymore because > that makes the device invisible to the kernel. > The question is: > > -Is there another way to distribute the incoming traffic to multiple > nprobe instances (as with IP hashing)? > > -Is there a way that I can filter packets in nprobe, so that they are > distributed more or less equally among multiple nprobe instances (again, > same IP should go to same instance)? > > Thanks for any hints! > > regards > > Felix > > > >
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
