Hi Alfredo,
Thank you for the answer.
It seems that I have done the config right. I am reforging 1 to 838 and
the routing table seems to be fine.
So why is it not working?
Packets from the internet are not reaching my server at ens160.838 (I
am tcpdumping on the server).
One clarification: You say "ingress packets should be tagged with vlan
1". My input packets are untagged (which usually means vlan1). Is that a
problem?
Sp
On 27/11/2017 1:52 PM, Alfredo Cardigliano wrote:
> Hi Spiros
> please read below
>
> On 27 Nov 2017, at 12:44, Spiros Papageorgiou <[email protected]> wrote:
>> Hi all,
>> I need some help configuring nscrub. My setup is routed/symmetric for now:
>> Internet <---> ens160 (native vlan) <----> ens160.838 (servers)
>> with just one phy interface (--wan-interface=zc:ens160).
>> ens160 Link encap:Ethernet HWaddr 3c:fd:fe:18:0c:e0
>> inet addr:x.y.z.34 Bcast:x.y.z.63 Mask:255.255.255.224
>> ens160.838 Link encap:Ethernet HWaddr 3c:fd:fe:18:0c:e0
>> inet addr:x.y.z.129 Bcast:x.y.z.255 Mask:255.255.255.128
>> nscrub-cli:
>> katharistis>
>> localhost:8880> vlan id 1 reforge 838
>> src_vlan_id: 1
>> dst_vlan_id: 838
>> katharistis> list targets
>> targets:
>> id: ntuanocnet
>> subnet:
>> x.y.z.128/28
>> routingtable:
>> destination: 0.0.0.0/0
>> gw: x.y.z.33
>> The setup is not working. I can't actually ping my server at x.y.z.130 (on
>> ens160.838).
>> Questions:
>> - What is the correct setup for this?
>
> You need to configure 2 VLANs (e.g. 1 and 838 as in your current nscrub
> configuration),
> nScrub will reforge the VLAN from 1 to 838. This means that ingress packets
> should be tagged with vlan 1,
> and they will be sent to VLAN 838.
>
>> - Is the vlan reforging as it is supposed to be? I don't really understand what it is
>> supposed to do... I would like to set the output vlan, but reforge needs to do
>> a rewrite. What exactly is rewriting?
>> - I guess in pfring_zc mode, packets don't go up the kernel. So, who is doing
>> arp requests for x.y.z.130 or x.y.z.33 (gw)?
>
> Kernel is bypassed, however kernel is still involved for ARP traffic.
>
>> - When nscrub is running, can I see the packets with tcpdump on ens160 and
>> ens160.838?
>
> With ZC kernel is bypassed, thus the only way to see packets with tcpdump is
> attaching to the nscrub mirror queues (please refer to the user’s guide).
>
> Alfredo
>
>> Thanx,
>> Sp
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
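
What a VLAN "reforge" from 1 to 838 means at the frame level, as an added Python sketch that is not part of the thread and not nScrub's code: it rewrites the 12-bit VLAN ID inside the 802.1Q tag and reports frames that carry no tag at all. The function names and sample frames are constructed here, and passing untagged frames through unchanged is this sketch's assumption; the thread does not say how nScrub handles them.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def vlan_id(frame: bytes):
    """Return the VLAN ID of a tagged frame, or None if it is untagged."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF


def reforge_vlan(frame: bytes, src_vid: int, dst_vid: int):
    """Rewrite the VLAN ID of one Ethernet frame from src_vid to dst_vid.

    Returns (frame, status); status is "reforged", "other-vlan" or "untagged".
    """
    if not 1 <= dst_vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    vid = vlan_id(frame)
    if vid is None:
        # No tag on the wire: there is no VLAN ID field to match or rewrite
        # (assumption of this sketch: such frames pass through unchanged).
        return frame, "untagged"
    if vid != src_vid:
        return frame, "other-vlan"
    (tci,) = struct.unpack_from("!H", frame, 14)
    new_tci = (tci & 0xF000) | dst_vid  # keep the PCP and DEI bits
    return frame[:14] + struct.pack("!H", new_tci) + frame[16:], "reforged"


# Constructed sample frames (MAC addresses and payload are made up).
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
PAYLOAD = b"\x45" + b"\x00" * 45
TAG = struct.pack("!HH", TPID_8021Q, (5 << 13) | 1)  # PCP 5, VLAN ID 1
TAGGED_VLAN1 = DST + SRC + TAG + b"\x08\x00" + PAYLOAD
UNTAGGED = DST + SRC + b"\x08\x00" + PAYLOAD

if __name__ == "__main__":
    for name, frame in (("tagged vlan 1", TAGGED_VLAN1), ("untagged", UNTAGGED)):
        out, status = reforge_vlan(frame, 1, 838)
        print(f"{name}: {status}, vlan id now {vlan_id(out)}")
```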