Hi Spiros, please read below

> On 27 Nov 2017, at 12:44, Spiros Papageorgiou <[email protected]> wrote:
>
> Hi all,
>
> I need some help configuring nscrub. My setup is routed/symmetric for now:
> Internet <---> ens160 (native vlan) <----> ens160.838 (servers)
>
> with just one phy interface (--wan-interface=zc:ens160).
>
> ens160 Link encap:Ethernet HWaddr 3c:fd:fe:18:0c:e0
> inet addr:x.y.z.34 Bcast:x.y.z.63 Mask:255.255.255.224
> ens160.838 Link encap:Ethernet HWaddr 3c:fd:fe:18:0c:e0
> inet addr:x.y.z.129 Bcast:x.y.z.255 Mask:255.255.255.128
>
> nscrub-cli:
> katharistis>
> localhost:8880> vlan id 1 reforge 838
> src_vlan_id: 1
> dst_vlan_id: 838
>
> katharistis> list targets
> targets:
> id: ntuanocnet
> subnet:
> x.y.z.128/28
>
> routingtable:
> destination: 0.0.0.0/0
> gw: x.y.z.33
>
>
> The setup is not working. I can't actually ping my server at x.y.z.130 (on
> ens160.838).
> Questions:
> - What is the correct setup for this?

You need to configure 2 VLANs (e.g. 1 and 838 as in your current nscrub configuration); nScrub will reforge the VLAN from 1 to 838. This means that ingress packets should be tagged with VLAN 1, and they will be sent to VLAN 838.

> - Is the vlan reforging as it is supposed to be? I don't really understand what
> it is supposed to do... I would like to set the output vlan, but reforge needs
> to do a rewrite. What exactly is rewriting?
> - I guess in pfring_zc mode, packets don't go up the kernel. So, who is doing
> arp requests for x.y.z.130 or x.y.z.33 (gw)?

The kernel is bypassed; however, the kernel is still involved for ARP traffic.

> - When nscrub is running, can I see the packets with tcpdump on en160 and
> ens160.838?

With ZC the kernel is bypassed, thus the only way to see packets with tcpdump is attaching to the nscrub mirror queues (please refer to the user's guide).

Alfredo

>
> Thanx,
> Sp
>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
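What the 1-to-838 reforge described in the reply means at the frame level, as an added example that is not part of the original thread and is not nScrub code. The function names and sample frames are constructed for illustration, and leaving untagged or non-matching frames unchanged is an assumption of this sketch, not documented nScrub behaviour.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def vlan_id(frame: bytes):
    """Return the 802.1Q VLAN ID of a frame, or None if it is untagged."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    return tci & 0x0FFF if tpid == TPID_8021Q else None


def reforge_vlan(frame: bytes, src_vid: int, dst_vid: int) -> bytes:
    """Rewrite VLAN ID src_vid to dst_vid, keeping the PCP/DEI bits.

    Untagged frames and frames on another VLAN are returned unchanged
    (assumption of this sketch): there is no tag with src_vid to rewrite.
    """
    if vlan_id(frame) != src_vid:
        return frame
    (tci,) = struct.unpack_from("!H", frame, 14)
    new_tci = (tci & 0xF000) | (dst_vid & 0x0FFF)
    return frame[:14] + struct.pack("!H", new_tci) + frame[16:]


def build_frame(vid=None, pcp=0) -> bytes:
    """Constructed sample frame: IPv4 EtherType and a zeroed payload."""
    dst = bytes.fromhex("3cfdfe180ce0")  # interface MAC quoted in the post
    src = bytes.fromhex("020000000001")  # constructed sender MAC
    tag = b""
    if vid is not None:
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    tagged = build_frame(vid=1, pcp=5)   # arrives tagged with VLAN 1
    untagged = build_frame()             # native-VLAN traffic, no tag
    print(vlan_id(tagged), "->", vlan_id(reforge_vlan(tagged, 1, 838)))
    print(vlan_id(untagged), "->", vlan_id(reforge_vlan(untagged, 1, 838)))
```

In this sketch a frame that arrives without an 802.1Q tag passes through untouched, which illustrates why the reply asks for ingress traffic to be tagged with VLAN 1.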
