I have an idea of how to do this but haven't tested it yet. Wanted to post here to see if anyone else had other ideas.
We are building a new environment using Linux KVM as the hypervisors, and VXLAN TEPs on the hosts. Essentially building a "private cloud" type thing where everything will be a VM and the VMs will exclusively communicate via the overlay networks.
We need to set up taps so that all traffic gets sent to a VM running bro/snort for security analysis. Ideally, the collection machine should not have to manipulate or even know about VXLAN headers. But this is not a hard requirement.
I know that VMware has tools that make this simple. But given our technology choices, how would you set this up on the hypervisors? Preferably using only native Linux tools (i.e., no OVS).