Focus on IDS
RE: port bonding and taps Oct 02 2003 03:00PM
PPowenski oag com (2 replies)
I am using channel bonding with RH 9 and it works great.

You must define your bond device in /etc/modules.conf,
i.e.
alias bond0 bonding
options bond0 miimon=100 downdelay=0

The man file has the options details with more, but they were required to
operate properly.

Also:
ifconfig bond0 up promisc
ifconfig eth1 up promisc
ifenslave bond0 eth1
ifconfig eth2 up promisc
ifenslave bond0 eth2

I put this in a S98ehtbond under /etc/rc3.d and /etc/rc5.d in case of X or
no X Window at startup.

Hope this helps.

Red Hat 8 (pretty sure) and 9 (sure) have channel bonding already set up.

-----Original Message-----
From: John Flynn [mailto:johnflynn (at) fastmail (dot) fm]
Sent: 01 October 2003 19:54
To: focus-ids (at) securityfocus (dot) com
Subject: port bonding and taps

Hi all,

I'm trying to set up various snort boxes, both on fiber and copper taps. In
order to reconstruct both sides of the stream I understand that one needs to
use multiple cards since the tap outputs the tx and rx on separate channels.
The problem is that to make snort alert correctly one really has to
aggregate the directions. This is commonly done using a spanning port, but
we do not have enough of those at our facility to go around. In linux (and
in general) it seems this idea is called port bonding. There is a bonding
kernel module for linux and appropriate commands for setting this up
(ifenslave etc), but it seems to be very poorly documented. I have tried to
set up bonding multiple times and could not seem to get it to work. Does
anyone have good documentation on how to do this type of set up, or perhaps
a better way to do snort+taps without using a spanning port?

Thanks,
John Flynn

--
http://www.fastmail.fm - Accessible with your email software
or over the web
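
A check to run after the ifenslave steps in the reply above, added here as an example and not part of the original post: it confirms that both tap legs are enslaved to the bond and have link, since a missing or down leg leaves Snort with only one direction of each stream. It assumes the bonding driver's /proc/net/bonding/bond0 status file; the function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_bond_slaves reads text in /proc/net/bonding/<bond> format on stdin and
# verifies that every interface named as an argument is a slave with link up.
# Real use: check_bond_slaves eth1 eth2 < /proc/net/bonding/bond0
check_bond_slaves() {
    text=$(cat)
    rc=0
    for ifc in "$@"; do
        # The first "MII Status:" line belongs to the bond itself; only the
        # one that follows "Slave Interface: <ifc>" counts for that leg.
        state=$(printf '%s\n' "$text" | awk -v want="$ifc" '
            /^Slave Interface:/ { cur = $3 }
            /^MII Status:/ && cur == want { print $3; exit }')
        case "$state" in
            up) echo "$ifc: enslaved, link up" ;;
            "") echo "$ifc: NOT in bond"; rc=1 ;;
            *)  echo "$ifc: enslaved, link $state"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample status text; $1 is the MII state reported for eth2.
sample_status() {
    cat <<EOF
Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth1
MII Status: up
Link Failure Count: 0

Slave Interface: eth2
MII Status: $1
Link Failure Count: 0
EOF
}

# Demonstration on the constructed sample: one tap leg has lost link.
sample_status down | check_bond_slaves eth1 eth2 \
    || echo "bond0 incomplete: sensor sees only one direction of the tap"
```

Run it from the same startup script or from cron and alert on a non-zero exit status.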


Re: port bonding and taps Oct 02 2003 06:34PM
Bennett Todd (bet rahul net) (1 replies)
Re: port bonding and taps Oct 03 2003 06:04PM
Sam f. Stover (sstover iwc sytexinc com) (1 replies)
Re: port bonding and taps Oct 03 2003 06:46PM
Bennett Todd (bet rahul net) (1 replies)
Re: port bonding and taps Oct 03 2003 07:19PM
Sam f. Stover (sstover iwc sytexinc com)
Re: port bonding and taps Oct 02 2003 03:34PM
Sam f. Stover (sstover iwc sytexinc com)







 

Copyright 2008, SecurityFocus