Ensure packets egressing onto the snaps-hcp machine can be picked up by ElasticSearch UDP plugin.

cablelabs / transparent-security

Transparent Security is a solution for identify the source devices of a DDoS attack and mitigates the attack in the customer premises or the access network. This solution leverages a P4 based programmable data plane for add in-band network telemetry (INT) for device identification and in-band mitigation.

https://www.cablelabs.com/vaccinate-your-network-to-prevent-the-spread-of-ddos-attacks

Apache License 2.0

33 stars 4 forks source link

Ensure packets egressing onto the snaps-hcp machine can be picked up by ElasticSearch UDP plugin. #227

Closed spisarski closed 3 years ago

spisarski commented 4 years ago

Ashwini's ElasticSearch plugin cannot sniff an interface as we had been doing since even before the Telemetry Report. As the packets are currently being dumped onto that machine via ae-tun, the ES UDP plugin may simply pick it up if it is listening to 0.0.0.0. If not, we may be able to configure the host route or ensure the IPv4 header has a proper IP value (eth0 IP address or localhost/127.0.0.1 perhaps).

spisarski commented 3 years ago

Packets are also making it to the snaps-hcp machine on tofino too after PR #287 has been merged.