cancel
Showing results for 
Search instead for 
Did you mean: 
itagsupport
Level 9

director node to scanning node

Hi,

is there any detailed technical information about how a director node directs traffic to scanning nodes in mwg 7?

Thanks

Regards

Roman

0 Kudos
2 Replies
McAfee Employee

Re: director node to scanning node

Hello Roman,

the director is usually doing a mac and IP rewrite to send data to the scanning nodes.

The traffic flows like:

Client -> Director -> Scanning node -> Webserver -> Scanning node -> Director -> Client

What is noteable thought that data will only be send to an external scanning node if a certain usage threshhold was reached and the local scanning node (part of the director) needs to swap traffic to a scanning node.

As you have (hopefuly ) recognized, a director has two lives at the same point of time - so it's somewhat twisted. It is a director and always a scanning node at the same point of time. This is not changable.


To see what scanning nodes are subscribed to a master run: mfend-lb -s on the shell of the director.

thanks,

Michael

0 Kudos
itagsupport
Level 9

Re: director node to scanning node

Hi Michael

yes, it's clear the director does scanning too......

On the other hand, it's not yet clear on what basis the director decides to forward traffic to the scanning (or the other director in a two system setup).

"A certain usage threshhold": what does it mean? Is the director counting requests or observing the cpu load? Is the scanner just a kind of overload system or is the load equally distributed amongst the involved systems?

Other thing: in a single armed setup, the network load is obviously higher than in ww 6.8, as traffic is forwarded from director to scanner and back (thus multiplied...) compared to 6.8 where we had a multicast based mechanism.

Does it make sense to setup a kind of "forward interface" between two systems? Is this possible or do the systems always forward traffic on the interface with the VIP?  Or on the interface with the VRRP? (This is actually somewhat missleading as one would think that the VRRP is used for the VIP. Are the VRRP hello packets sent out through the VRRP interface only, which in return triggers an activation or deactivation of the proxy VIP?) The doc is not very clear in this respect.

Thanks a lot

Roman

0 Kudos