flannel-io / flannel

flannel is a network fabric for containers, designed for Kubernetes
Apache License 2.0

Tapping/Mirroring network traffic among containers? #310

Closed pmcao closed 8 years ago

pmcao commented 9 years ago

I'm building an Intrusion Detection System that needs to inspect inter-container network traffic. My plan is to set up a tap interface and to mirror traffic to the IDS. Could you suggest some pointers to achieve this with flannel?

Thanks!

eyakubovich commented 9 years ago

@pmcao Since flannel can use a variety of options to forward traffic, both encapsulated and not, I would try to capture the traffic before it hits flannel. So I would try using a span port on a vswitch (e.g. OVS) and connect containers to that instead of the default linux-bridge. If you'd like to use linux-bridge, you could use libpcap (PF_PACKET) to capture the traffic.
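The second option above, capturing on the Linux bridge with a PF_PACKET socket before flannel encapsulates anything, as an added example that is neither flannel's code nor part of this thread. It binds a raw AF_PACKET socket to the bridge interface (the default name "cni0" is an assumption; pass the real bridge as argv[1]), decodes the Ethernet/IPv4 headers of each frame so an IDS sees pod-to-pod addresses rather than the VXLAN/UDP outer headers, and includes a constructed sample frame so the decoder can be exercised without root:

```c
/* Added example, not flannel's code: PF_PACKET capture on the container
 * bridge, i.e. before flannel's backend encapsulates the traffic.
 * Assumptions: Linux, CAP_NET_RAW to open the socket, bridge name "cni0". */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/if.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

struct flow {
    char src[INET_ADDRSTRLEN];
    char dst[INET_ADDRSTRLEN];
    uint8_t proto;   /* IP protocol number, e.g. 6 = TCP */
    uint16_t ip_len; /* IPv4 total length in bytes */
};

/* Decode an Ethernet frame carrying IPv4 into a flow summary.
 * Returns 0 on success, -1 if the frame is short, not IPv4, or malformed
 * (ARP and other non-IP frames are simply skipped by the caller). */
int decode_ipv4_frame(const uint8_t *buf, size_t len, struct flow *f) {
    const size_t eth_hdr = 14, ip_hdr = 20;
    if (len < eth_hdr + ip_hdr)
        return -1;
    uint16_t ethertype = (uint16_t)((buf[12] << 8) | buf[13]);
    if (ethertype != ETH_P_IP)
        return -1;
    const uint8_t *ip = buf + eth_hdr;
    if ((ip[0] >> 4) != 4 || (ip[0] & 0x0f) < 5)
        return -1;
    f->ip_len = (uint16_t)((ip[2] << 8) | ip[3]);
    f->proto = ip[9];
    struct in_addr a;
    memcpy(&a.s_addr, ip + 12, 4); /* source address, network byte order */
    inet_ntop(AF_INET, &a, f->src, sizeof f->src);
    memcpy(&a.s_addr, ip + 16, 4); /* destination address */
    inet_ntop(AF_INET, &a, f->dst, sizeof f->dst);
    return 0;
}

/* Open a raw AF_PACKET socket bound to one interface (the bridge),
 * so only frames crossing that bridge are delivered. Returns fd or -1. */
int open_capture_socket(const char *ifname) {
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return -1;
    struct sockaddr_ll sll;
    memset(&sll, 0, sizeof sll);
    sll.sll_family = AF_PACKET;
    sll.sll_protocol = htons(ETH_P_ALL);
    sll.sll_ifindex = (int)if_nametoindex(ifname);
    if (sll.sll_ifindex == 0 || bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed sample: 14-byte Ethernet header + 20-byte IPv4 header,
 * TCP from 10.244.1.5 to 10.244.2.9 (addresses made up for the example). */
const uint8_t sample_frame[34] = {
    0x02, 0x42, 0x0a, 0xf4, 0x02, 0x09,  /* dst MAC */
    0x02, 0x42, 0x0a, 0xf4, 0x01, 0x05,  /* src MAC */
    0x08, 0x00,                          /* EtherType IPv4 */
    0x45, 0x00, 0x00, 0x3c,              /* v4, IHL 5, total length 60 */
    0x1c, 0x46, 0x40, 0x00,              /* id, flags DF */
    0x40, 0x06, 0x00, 0x00,              /* TTL 64, proto TCP, checksum */
    0x0a, 0xf4, 0x01, 0x05,              /* 10.244.1.5 */
    0x0a, 0xf4, 0x02, 0x09,              /* 10.244.2.9 */
};

int main(int argc, char **argv) {
    const char *ifname = argc > 1 ? argv[1] : "cni0"; /* assumption */
    int fd = open_capture_socket(ifname);
    if (fd < 0) {
        perror("open_capture_socket");
        return 1;
    }
    uint8_t buf[65536];
    for (;;) {
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n < 0) {
            perror("recv");
            break;
        }
        struct flow f;
        if (decode_ipv4_frame(buf, (size_t)n, &f) == 0)
            printf("%s -> %s proto=%u len=%u\n", f.src, f.dst, f.proto, f.ip_len);
    }
    close(fd);
    return 0;
}
```

Binding to the bridge rather than the host's uplink is the point: on the uplink the same packets appear inside VXLAN or other encapsulation, so an IDS would have to strip the outer headers first. Running this needs CAP_NET_RAW, and on a busy bridge a production IDS would use libpcap's memory-mapped ring (TPACKET) instead of one recv() per frame. The OVS alternative in the reply above is configured by creating a Mirror record on the bridge whose output port is the interface the IDS listens on.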