# Using udp-breeder to redistribute UDP traffic # In this example we have the NOC box receiving flows from each group's # router and from softflowd. # Also, each PC receives from its own router and from the lab gw # Note: port numbers changed a bit from previous docs. In /etc/default/softflowd: -------------------------------------------------------------------------------------- INTERFACE="any" OPTIONS="-n 10.10.0.250:9009 -v 5" -------------------------------------------------------------------------------------- This goes in /etc/rc.local: -------------------------------------------------------------------------------------- # Redirect flows from softflowd to the port where nfcap will listen and also to each PC /usr/local/bin/udp-breeder -p 9009 127.0.0.1:9000 \ 10.10.1.1:9900 10.10.1.2:9900 10.10.1.3:9900 10.10.1.4:9900 \ 10.10.2.5:9900 10.10.2.6:9900 10.10.2.7:9900 10.10.2.8:9900 \ 10.10.3.9:9900 10.10.3.10:9900 10.10.3.11:9900 10.10.3.12:9900 \ 10.10.4.13:9900 10.10.4.14:9900 10.10.4.15:9900 10.10.4.16:9900 \ 10.10.5.17:9900 10.10.5.18:9900 10.10.5.19:9900 10.10.5.20:9900 \ 10.10.6.21:9900 10.10.6.22:9900 10.10.6.23:9900 10.10.6.24:9900 # # Redirect flows coming from routers to myself on different ports and to each PC in each group # # Group 1 /usr/local/bin/udp-breeder -p 9991 127.0.0.1:9001 10.10.1.1:9009 10.10.1.2:9009 10.10.1.3:9009 10.10.1.4:9009 # Group 2 /usr/local/bin/udp-breeder -p 9992 127.0.0.1:9002 10.10.2.5:9009 10.10.2.6:9009 10.10.2.7:9009 10.10.2.8:9009 # Group 3 /usr/local/bin/udp-breeder -p 9993 127.0.0.1:9003 10.10.3.9:9009 10.10.3.10:9009 10.10.3.11:9009 10.10.3.12:9009 # Group 4 /usr/local/bin/udp-breeder -p 9994 127.0.0.1:9004 10.10.4.13:9009 10.10.4.14:9009 10.10.4.15:9009 10.10.4.16:9009 # Group 5 /usr/local/bin/udp-breeder -p 9995 127.0.0.1:9005 10.10.5.17:9009 10.10.5.18:9009 10.10.5.19:9009 10.10.5.20:9009 # Group 6 /usr/local/bin/udp-breeder -p 9996 127.0.0.1:9006 10.10.6.21:9009 10.10.6.22:9009 10.10.6.23:9009 10.10.6.24:9009 -------------------------------------------------------------------------------------- Nfsen on the NOC: -------------------------------------------------------------------------------------- %sources = ( 'gw' => { 'port' => '9000', 'col' => '#0000ff', 'type' => 'netflow' }, 'rtr1' => { 'port' => '9001', 'col' => '#0099ff', 'type' => 'netflow' }, 'rtr2' => { 'port' => '9002', 'col' => '#9900ff', 'type' => 'netflow' }, 'rtr3' => { 'port' => '9003', 'col' => '#ff0000', 'type' => 'netflow' }, 'rtr4' => { 'port' => '9004', 'col' => '#ff9900', 'type' => 'netflow' }, 'rtr5' => { 'port' => '9005', 'col' => '#ff0099', 'type' => 'netflow' }, 'rtr6' => { 'port' => '9006', 'col' => '#ff0066', 'type' => 'netflow' }, ); --------------------------------------------------------------------------------------