FAUCET (https://github.com/faucetsdn/faucet), originally by REANNZ, is an open source SDN/OpenFlow controller for experimental and enterprise networks. FAUCET runs in production at multiple sites and supports multiple hardware vendors. This blog describes FAUCET itself and FAUCET use cases. The blog author works at Google and has contributed to FAUCET. Any opinions stated here are my own, not those of Google.
Monday, May 30, 2016
Sometimes you need to examine traffic on a network to troubleshoot a problem, or copy it to an intrusion detection system (IDS), for example Bro. You might want a copy of everything on a port, or a copy of only certain traffic.
FAUCET allows you to mirror traffic at a port level, but also at a configurable fine-grained level - for example, just Ethernet broadcasts. In the following example, we mirror broadcasts to port 3, and we forward everything else by default.
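A configuration of the kind described above, written here as an added illustration in current FAUCET YAML syntax; it is not the configuration from the original post. The VLAN name, datapath name, `dp_id`, hardware string, ACL name and ports 1 and 2 are constructed, and marking port 3 `output_only` is an assumption about how the capture port is set up.

```yaml
# Added example: mirror only Ethernet broadcasts to port 3, forward the rest.
vlans:
  office:                  # constructed VLAN name
    vid: 100
acls:
  mirror-broadcasts:       # constructed ACL name
    # Rule 1: broadcasts are forwarded as usual and a copy goes to port 3.
    - rule:
        dl_dst: "ff:ff:ff:ff:ff:ff"
        actions:
          allow: 1
          mirror: 3
    # Rule 2: everything else is forwarded and not mirrored.
    - rule:
        actions:
          allow: 1
dps:
  sw1:                     # constructed datapath name and ID
    dp_id: 0x1
    hardware: "Open vSwitch"
    interfaces:
      1:
        native_vlan: office
        acls_in: [mirror-broadcasts]
      2:
        native_vlan: office
        acls_in: [mirror-broadcasts]
      3:
        # Mirror destination (IDS or capture host); accepts no traffic itself.
        description: "mirror destination"
        output_only: true
```

Rules are matched in order, so the catch-all `allow` rule must come after the broadcast rule; without it, traffic that matches no rule in the ACL is dropped.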
When a port is the target of a mirror action, forwarding is disabled on that port.