Hi,

You should do port mirroring at your switch or router, instead of the cloud node.
On Fri, Jul 22, 2022 at 12:20 AM Gary Dixon <gary.di...@quadris.co.uk.invalid> wrote:
>
> Hi All
>
> ACS 4.15.2
> Hypervisor: KVM
> Hypervisor OS: Ubuntu 20.04
>
> I have been tasked with providing an Intrusion Detection solution for our
> Cloud customers. Our ACS guest traffic isolation utilises VXLAN and so I
> have been advised that we cannot implement port mirroring at the physical
> switch layer.
>
> I have been looking at port mirroring at the KVM host level by setting
> up ingress/egress qdiscs with TC filters to port mirror the guest traffic
> along a gretap tunnel to the IDS appliance (which is hosted on another
> platform). So far this seems to mostly work.
>
> I'm wondering if this is a viable way of implementing IDS? As for
> automating the process, could this be done as a CloudStack custom plugin or
> would this have to be automated externally to CloudStack? Trying to
> research into this has been challenging to say the least. I would really
> appreciate it if any of you have any pointers or let me know if I am barking
> up the wrong tree.
>
> Best regards
>
> Gary Dixon
> Technical Consultant
> T: 0161 537 4980
> W: www.quadris.co.uk
>
> The information contained in this e-mail from Quadris may be confidential
> and privileged for the private use of the named recipient. The contents of
> this e-mail may not necessarily represent the official views of Quadris.
> If you have received this information in error you must not copy,
> distribute or take any action or reliance on its contents. Please destroy
> any hard copies and delete this message.

-- 
Regards,
Hean Seng
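The host-level approach the question describes (tc qdiscs on the guest's tap device, mirrored frames carried to the sensor over a gretap tunnel) is shown below as an added example. It is not part of the thread and not CloudStack code; the interface names (vnet3, ids-mirror), the addresses 10.0.0.1/10.0.0.2 and the GRE key 100 are assumptions. Two caveats a practitioner would want: GRE carries the mirrored customer traffic in cleartext, so the tunnel endpoints belong on an isolated management network, and the encapsulation adds headers, so a full-size guest frame no longer fits a 1500-byte underlay unless the underlay MTU is raised. The script applies the commands when run as root; with DRY_RUN=1 it prints them instead.

```shell
#!/bin/sh
# Added example, not part of the mailing-list thread and not CloudStack code:
# mirror a KVM guest's tap interface into a gretap tunnel with tc, as the
# question describes. Interface names, addresses and the GRE key below are
# assumptions. Needs root and iproute2 to apply; DRY_RUN=1 prints the commands.
set -eu

DRY_RUN="${DRY_RUN:-0}"

# run CMD...: execute CMD, or print it instead when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# gretap_up NAME LOCAL REMOTE KEY: layer-2 GRE tunnel from this host to the
# IDS sensor. It must be gretap, not gre, because mirred hands the tunnel
# whole Ethernet frames. GRE carries them in cleartext, so keep LOCAL/REMOTE
# on an isolated management network. The extra headers (14 Ethernet + 20 IP
# + 8 GRE-with-key = 42 bytes) turn a full 1514-byte guest frame into a
# 1556-byte underlay frame; raise the underlay MTU accordingly or large
# frames will not reach the sensor intact.
gretap_up() {
    name="$1"; local_ip="$2"; remote_ip="$3"; key="$4"
    run ip link add "$name" type gretap local "$local_ip" remote "$remote_ip" key "$key"
    run ip link set "$name" mtu 1500
    run ip link set "$name" up
}

# mirror_tap TAP TUNNEL: copy both directions of the guest's traffic into
# TUNNEL. On the tap device the frames are the guest's own, before the host's
# VXLAN encapsulation, which is why mirroring here works when a physical-switch
# SPAN of the underlay would only show VXLAN. clsact provides ingress and
# egress hooks on a single qdisc; matchall selects every frame; "mirred egress
# mirror" sends a copy out of TUNNEL and lets the original continue.
mirror_tap() {
    tap="$1"; tunnel="$2"
    run tc qdisc add dev "$tap" clsact
    run tc filter add dev "$tap" ingress matchall action mirred egress mirror dev "$tunnel"
    run tc filter add dev "$tap" egress matchall action mirred egress mirror dev "$tunnel"
}

# unmirror_tap TAP: removing the clsact qdisc drops both filters at once. Run
# this when the guest stops or migrates away so stale mirrors do not pile up.
unmirror_tap() {
    run tc qdisc del dev "$1" clsact
}

# show_mirror TAP: list the filters currently attached, to check that a guest
# is (or is no longer) being mirrored.
show_mirror() {
    run tc filter show dev "$1" ingress
    run tc filter show dev "$1" egress
}

# Example (hypothetical names): guest NIC vnet3 on host 10.0.0.1, sensor at
# 10.0.0.2, GRE key 100. Set MIRROR_APPLY=1 to actually run it.
if [ "${MIRROR_APPLY:-0}" = "1" ]; then
    gretap_up ids-mirror 10.0.0.1 10.0.0.2 100
    mirror_tap vnet3 ids-mirror
    show_mirror vnet3
fi
```

Run as `DRY_RUN=1 MIRROR_APPLY=1 sh mirror.sh` to see the exact ip and tc commands before applying them on a host. Because the tap device name is per guest NIC, any automation (whether a CloudStack plugin or an external hook) has to call mirror_tap when a guest's NIC appears on a host and unmirror_tap when it leaves, otherwise qdiscs accumulate on the host.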