Hello fellow Zeek users,
I have a Zeek cluster running and I monitor the inbound and outbound traffic at 3 different locations where I have my BGP connections. I have a lot of asymmetric routing on my BGP routers, which is completely normal. But in Zeek I see a lot of messages that indicate to me that Zeek is not able to handle this correctly. Is there a way to fix this?
3 BGP routers
PF_RING at every location, where I pull both the outbound and the inbound traffic into the probe using a fiber tap.
In the probe I join the inbound and outbound traffic again in a zbalance_ipc cluster, and every zbalance_ipc cluster has 2 queues that are both handled by a Zeek process.
So in total I have 12 Zeek workers, 1 proxy on the management node and a logging engine on the management node.
I have almost no packet loss on my Zeek instances, so that all works fine.