[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: many to many dup-to option?



Maybe you could chain multiple dup-to boxes togeather, or chain several
interfaces on one box?  I don't know a thing about dup-to, but it seems like
it might work.
       _
------|A|--[ destination 1 ]
       | 
       -
      |B|--[ destination 2 ]
       |       -
      |C|--[ destination 3 ]
-Dylan
> Thought I would reply to multiple responses in one post to cut down on
> noise...
> 
> > I do not believe that this will work, as only the last matching rule
> > (or first matching rule that has 'quick') is used.
> 
> Yes, this was my gut feeling too, but I have been unable to find any
> validation of this in the docs or through google.
> 
> Also, someone else suggested using creating a bridge, but I don't
> think thats necessary here because bridges are used for two-way
> communications where I'm just looking for a forwarding of packets to
> multiple destinations.  If the bridge configuration allows me to
> aggregate network feed like I want and dup-to doesn't then of course
> I'll go that route.  Another concern with using bridge is that since
> it is a two way connection there might be additional overhead in
> maintaining communications (maybe it would try to keep state?) and I
> don't know what the impact that the added functionality would have on
> performance.
> 
> >Maybe you can to use multicast address as destination.
> 
> Unfortunately dup-to requires you to specify a physical network
> interface for where to send the traffic to.  You can specify an
> address associated with that network interface, but I'm not really
> sure what benefit this has because your ids/analyzer/etc still has to
> be attached to that rj45 port.
> 
> I'm at that point where my network feeds are so intensive that a hub
> is no longer sufficient, but I don't think my current operation is
> large enough to justify the hefty expense of netoptics regeneration
> equipment.  I was hoping maybe one of the power user ISP types around
> here (Henning and others?) might have tried something like this
> already and could save me the effort of testing all these scenarios.