Hi All

ACS 4.15.2
Hypervisor: KVM
Hypervisor OS: Ubuntu 20.04

I have been tasked with providing an Intrusion Detection solution for our Cloud customers. Our ACS guest traffic isolation utilises VXLAN and so I have been advised that we cannot implement port mirroring at the physical switch layer.

I have been looking at port mirroring at the KVM host level with setting up ingress/egress qdiscs with TC filters to port mirror the guest traffic along a gretap tunnel to the IDS appliance (which is hosted on another platform). So far this seems to mostly work.

I'm wondering if this is a viable way of implementing IDS? As for automating the process, could this be done as a CloudStack custom plugin or would this have to be automated externally to CloudStack?

Trying to research into this has been challenging to say the least. I would really appreciate if any of you have any pointers or let me know if I am barking up the wrong tree.

Best regards

Gary Dixon
Technical Consultant
T: 0161 537 4980
W: www.quadris.co.uk
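
The host-level mirroring described in the message above, sketched as an added example that is not part of the original message or of CloudStack: it prints (and only on request applies) the `ip`/`tc` commands that copy both directions of one guest tap device into a gretap tunnel. It assumes the `clsact` qdisc and `matchall` classifier are available on the host; `vnet0`, `ids-mirror0` and the 192.0.2.x addresses are constructed placeholders.

```shell
# Added example (not from the original message). vnet0, ids-mirror0 and the
# 192.0.2.x addresses are constructed placeholders; substitute your own.
# Direction on a guest tap device, seen from the host:
#   ingress = frames the guest sent, egress = frames delivered to the guest.
# gretap over IPv4 adds 38 bytes (20 IP + 4 GRE + 14 inner Ethernet), so the
# path to the IDS needs MTU headroom or full-size mirrored frames will be
# fragmented or dropped.

# Accept only plausible interface names (Linux limit: 15 characters).
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Loose IPv4 character check; keeps shell metacharacters out of the commands.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
}

# Print the setup commands: mirror_cmds GUEST_IF MIRROR_IF LOCAL_IP REMOTE_IP
mirror_cmds() {
    guest_if=$1; mirror_if=$2; local_ip=$3; remote_ip=$4
    valid_ifname "$guest_if" && valid_ifname "$mirror_if" || return 1
    valid_ipv4 "$local_ip" && valid_ipv4 "$remote_ip" || return 1
    cat <<EOF
ip link add $mirror_if type gretap local $local_ip remote $remote_ip
ip link set $mirror_if up
tc qdisc add dev $guest_if clsact
tc filter add dev $guest_if ingress matchall action mirred egress mirror dev $mirror_if
tc filter add dev $guest_if egress matchall action mirred egress mirror dev $mirror_if
EOF
}

# Print the teardown commands: undo_cmds GUEST_IF MIRROR_IF
undo_cmds() {
    valid_ifname "$1" && valid_ifname "$2" || return 1
    printf 'tc qdisc del dev %s clsact\nip link del %s\n' "$1" "$2"
}

# Dry run by default: nothing is executed unless the first argument is "apply".
if [ "${1:-}" = "apply" ]; then
    shift
    cmds=$(mirror_cmds "$@") || exit 1
    printf '%s\n' "$cmds" | sh -e
fi
```

The filters live on the guest's tap device, so they have to be re-applied whenever that device is recreated, for example on VM start or after a live migration to another host.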
