TR: [Labrea-users] Listening on multiple logical segments con't
Status: Abandoned
Brought to you by:
lorgor
Menu
▾
▴
TR: [Labrea-users] Listening on multiple logical segments con't
|
From: Gordon, L. <Lor...@te...> - 2004-02-27 15:26:36
|
Good follow-on question, lorgo -----Message d'origine----- De : lorgor Envoy=E9 : 27 f=E9vrier, 2004 10:14 =C0 : keith Objet : RE: [Labrea-users] Listening on multiple logical segments When labrea gives a message about the subnet being too big, it is = saying that certain function will disabled (i.e. initial ARP sweep). This = occurs if the capture subnet is bigger than 1024 addresses. The idea is that even = a single big switch normally doesn't have more than this number of = attached devices. And you don't want some program blasting out thousands of = ARPs. Can cause the production switch to start behaving like a hub, or do other = things that will make the network folks unhappy. The arp sweep allows labrea to proactively find out what is connected = to the local segment and what IP addresses are not used. However labrea should = work fine without the arp sweep. The bottom line is this. If labrea can allocate its arrays and run, = then it should work, even if the capture subnets are huge. However a /19 subnet has only 8192 elements if my math is correct. The corresponding labrea arrays will not be that big; labrea should run properly. ------------------------- So you should run one instance of labrea with a /19 capture subnet, and exclude the production subnets using the config file statements. lorgor -----Message d'origine----- De : Keith=20 Envoy=E9 : 23 f=E9vrier, 2004 14:27 =C0 : lorgor Objet : RE: [Labrea-users] Listening on multiple logical segments Capture subnet is /19 and it says way too big. I tested running two instances concurrently with no apparent ill affects other than conflicting log file entries like: x.y.z.q not my network x.y.z.q captured I tried manually defining with the -n argument as I said but you can only define one. If you define more than one only the last one is remebered. What about instead of capturing multple networks or subnets how about just a larger network or supernet something like x.x.x.x/19 (32 class C's)? and then as you say I can add entries to the conf for it to ignor. Still require major surgury? -Keith > -----Original Message----- > From: lorgor > Sent: Monday, February 23, 2004 9:44 AM > To: keith > Subject: RE: [Labrea-users] Listening on multiple logical segments >=20 >=20 > Keith, >=20 > Your comment is correct. Labrea handles only one capture subnet. >=20 > Am at home recovering from a sinus operation (not your=20 > problem!) so can't > fool around with tests. >=20 > The idea of running multiple instances of labrea is one I=20 > haven't tested. > Does it work correctly for you? >=20 > Will it work in general? Depends on libdnet. FWIW can't think=20 > of any reason > off-hand. YMMV. >=20 > Why didn't you define a larger address space and then use the=20 > configuration > file "exclude" to tell labrea not to touch the live blocks?=20 > (ie capture > "everything" but don't touch this or this or that) Too much=20 > work / too many > disjointed class C subnets? Capture subnet too big? >=20 > You can manually define the capture subnet using the=20 > --network parameter. > With CIDR notation (xx.xx.xx.xx/nn), you can specify the=20 > subnet mask as > well. This would be another way to get one instance of labrea=20 > to not capture > the other one's subnets. >=20 > I've always thought labrea had too much flexibility / too=20 > many parameters. > However your need is new (to me) and is reasonable. >=20 > Labrea could be modified to handle multiple capture subnets,=20 > but this would > require major surgery. Would have to hear from others that=20 > this is generally > required before deciding to invest the time and effort=20 > required to do the > modification. >=20 > Thanks for a very interesting question. Hope this helps, >=20 > lorgor >=20 > -----Message d'origine----- > De : Keith > Envoy=E9 : Thursday, February 19, 2004 10:05 AM > =C0 : lab...@li... > Objet : [Labrea-users] Listening on multiple logical segments >=20 >=20 > Hello Labrea list, > I'm running Labrea on a physical segment that "sees" > ARP whois resquest broadcasts on multiple logical networks > i.e. more than one class C block or subnets thereof. > I could not find a way to tell Labrea to handle more > than one block of addresses so I tested running two > instances of Labrea passing the second block with a -n=20 > argument. The log output shows addresses from both blocks > being captured. Question: Is this the most efficient way > to accomplish what I want (running a separate instance for each > address block)? Would I run into a problem other than > resource consumption if I ran say 8 or 16 or 32 instances > of Labrea on the same box each handling a different logical network? > Is there a way to specify multiple blocks in the conf or > CLI for a single instance? > -Keith >=20 >=20 >=20 > ------------------------------------------------------- > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > Build and deploy apps & Web services for Linux with > a free DVD software kit from IBM. Click Now! > http://ads.osdn.com/?ad_id=3D1356&alloc_id=3D3438&op=3Dclick > _______________________________________________ > Labrea-users mailing list > Lab...@li... > https://lists.sourceforge.net/lists/listinfo/labrea-users >=20 |
