Github user nickwallen commented on the pull request:
https://github.com/apache/incubator-metron/pull/73#issuecomment-208918491
I think that's a bridge to cross later once we refine specific deployment
topologies. The packet capture process differs from the rest of the sensors
that we have to date and requires a bit of special treatment.
- This packet capture process is overkill and too cumbersome in demo/test
environments. It is really only useful for high-throughput production
environments.
- Using kernel bypass technology like this means that the packet capture
process does not share well with others. No other sensors leveraging libpcap
drivers can share the same network interface.
- Packet capture would most always run on a node isolated from the rest of
your cluster. The cluster could be running CentOS 6 while this runs on CentOS
7.
- This process has to be run close to your data. I don't foresee this
running "in the cloud." It could potentially be used in a hybrid cloud
deployment sending data from a secured network to the cloud.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
