N2N: Super simple VPN

So, having had a bunch of success with PF_RING, I decided to check out some of ntop.org's other creations. One I came across that I had a use for was N2N. Basically you have a supernode daemon, and you create tunnels to it from your edge nodes. And the setup is about as simple as it can really be.

It's pretty much exactly what the manual says.

Set up your supernode (a relay, for lack of a better phrase):

::

    supernode -l 9939

Then all you need for an edge node is:

::

    edge -a 10.10.2.1 -c some_community -k some_key -l <supernode ip>:9939

Next edge node:

::

    edge -a 10.10.2.2 -c some_community -k some_key -l <supernode ip>:9939

Then, from either node, you should be able to reach the other:

::

    [root@core ~]# ping 10.10.2.1
    PING 10.10.2.1 (10.10.2.1) 56(84) bytes of data.
    64 bytes from 10.10.2.1: icmp_seq=1 ttl=64 time=0.073 ms
    64 bytes from 10.10.2.1: icmp_seq=2 ttl=64 time=0.070 ms
    64 bytes from 10.10.2.1: icmp_seq=3 ttl=64 time=0.063 ms
    ^C
    --- 10.10.2.1 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2496ms
    rtt min/avg/max/mdev = 0.063/0.068/0.073/0.010 ms
    [root@core ~]#

That's it. Seriously. Now, if you want it to persist, you need to make an init script for supernode and for edge. I'm also not a huge fan of the key sitting there, visible in the process list on the edge servers:

::

    [root@core ~]# ps aux | grep edge
    root      2367  0.0  0.1   3644   724 ?        Ss   Aug30   0:33 edge -a 10.10.2.1 -c HOME -k superkey -l g1.poop.com:4099
    root     22730  0.0  0.1   4200   728 pts/0    S+   20:04   0:00 grep edge
    [root@core ~]#

That's kind of blatant to just leave lying around. Started this way, it pretty much screams its key in the process list. So I would use a shell script or something to wrap it, so it's a little less obvious.
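As an added example (not from the original post and not part of n2n): a wrapper in the spirit of the init script mentioned above. It reads the settings from an assumed root-only ``/etc/n2n/edge.conf``, hands the key to edge through the ``N2N_KEY`` environment variable that edge's help text lists beside ``-k`` (treat that as an assumption about your build and confirm it with ``edge -h``), and carries a check that scans every process's command line for the key so you can verify it is no longer on show.

```shell
#!/bin/sh
# Added example for this post, not part of n2n. Usage: edge-wrapper.sh start|check
# Assumes a root-owned, mode 0600 /etc/n2n/edge.conf with lines such as
#   KEY=some_key ADDRESS=10.10.2.1 COMMUNITY=some_community SUPERNODE=203.0.113.5:9939
EDGE_CONF="${EDGE_CONF:-/etc/n2n/edge.conf}"

# Source KEY, ADDRESS, COMMUNITY and SUPERNODE from the config file and
# warn if the file is readable by group or others (the key lives there now).
load_edge_conf() {
    conf="$1"
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    mode=$(stat -c %a "$conf" 2>/dev/null || stat -f %Lp "$conf")
    case "$mode" in *00) ;; *) echo "warning: $conf is mode $mode, expected 0600" >&2 ;; esac
    . "$conf"
}

# Everything except the key goes on the command line.
edge_args() {
    printf '%s' "-a $ADDRESS -c $COMMUNITY -l $SUPERNODE"
}

# The key travels in the environment instead of argv: /proc/PID/environ is
# readable only by the process owner and root, /proc/PID/cmdline by everyone.
# Assumes this edge build honours N2N_KEY (edge -h lists it next to -k).
start_edge() {
    load_edge_conf "$EDGE_CONF" || return 1
    N2N_KEY="$KEY" edge $(edge_args)
}

# Scan the NUL-separated argv of every process under $procdir for the key.
# Returns 0 if the key is visible to anyone running ps, 1 otherwise.
key_visible_in_cmdlines() {
    key="$1"; procdir="${2:-/proc}"
    for f in "$procdir"/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        if tr '\000' ' ' < "$f" | grep -qF -- "$key"; then
            echo "key visible in $f" >&2
            return 0
        fi
    done
    return 1
}

case "$1" in
    start) start_edge ;;
    check) load_edge_conf "$EDGE_CONF" || exit 1
           if key_visible_in_cmdlines "$KEY"; then exit 1; fi
           echo "key not found in any command line" ;;
esac
```

A wrapper that still passes ``-k`` changes nothing about what ``ps`` shows, so run the ``check`` after starting edge; and if your build turns out not to read ``N2N_KEY``, edge would come up without a key, which is the other thing to confirm before trusting the tunnel.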