Re bro and pf_ring, I would recommend af_packet over pfring, if you are running a recent OS that supports it in Bro (see earlier). This is because af_packet comes built-in with your distro, and pf_ring is an addon. This makes it easier to manage imo.
If you build pf_ring, you will need the kernel module and shared objects on each box. Bro isn’t going to put those there for you…
Moreover, I would highly recommend you build pf_ring as a module vrs compiled into bro itself. Personal opinion though.
Pf_ring doesnt do loadbalancing on a link (it does it on the card between threads), so if you want to balance over multiple bro boxes, you definitely need something like a load balancing tap, a passive load balancer, or your f5 (which I believe does 5 tuple balancing). Cue the pleaselookatthelblpaperonloadbalancinga100giglink paper comments. 
Hope this helps.