Setup
IXpect passively monitors the peering LAN by capturing packets on a dedicated, regularly configured peering port, so it should only have access to BUM (broadcast, unknown-unicast and multicast) traffic. It is not designed for use on monitoring ports, nor is it beneficial to run it there.
Packets can be processed from various sources:
- captured from a Linux kernel interface via AF_PACKET
- encapsulated in VxLAN
- read from a pcap file
Packets are passed to the probes enabled in the configuration file. Whenever a probe detects a conspicuous packet, this information is assigned to a batch. The batches are processed periodically (see event.collection_window) by the notifiers.
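
The flow described above (frames in, probe findings grouped into batches per collection window) can be sketched as follows. This is an added illustration, not IXpect's own code: the EtherType allow-list probe, the function names, the MAC addresses and the 10-second window are all assumptions, and the frames are constructed sample data.

```python
import struct
from collections import defaultdict

ALLOWED_ETHERTYPES = {0x0800, 0x0806, 0x86DD}  # assumed policy: IPv4, ARP, IPv6

def classify(frame: bytes, own_mac: bytes) -> str:
    """Classify a frame by destination MAC, as seen from a regular peering port."""
    dst = frame[:6]
    if len(dst) < 6:
        return "truncated"
    if dst == b"\xff" * 6:
        return "broadcast"
    if dst[0] & 0x01:            # I/G bit set: group (multicast) address
        return "multicast"
    if dst == own_mac:
        return "unicast-to-us"
    return "unknown-unicast"     # flooded: the switch had no entry for dst

def ethertype_probe(frame: bytes):
    """Hypothetical probe: return a finding for frames outside the allow-list, else None."""
    if len(frame) < 14:
        return "truncated frame"
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype not in ALLOWED_ETHERTYPES:
        return f"unexpected ethertype 0x{etype:04x}"

def collect(packets, own_mac: bytes, window: float) -> dict:
    """Run the probe over (timestamp, frame) pairs; batch findings per window."""
    batches = defaultdict(list)
    for ts, frame in packets:
        finding = ethertype_probe(frame)
        if finding:
            src = frame[6:12].hex(":")
            batches[int(ts // window)].append((src, classify(frame, own_mac), finding))
    return dict(batches)

def make_frame(dst: str, src: str, etype: int) -> bytes:
    # Minimal constructed Ethernet frame: header plus zero padding as payload.
    return bytes.fromhex(dst + src) + struct.pack("!H", etype) + bytes(46)

OWN_MAC = bytes.fromhex("02aabbccdd01")          # constructed sample values
SAMPLE = [
    (0.5, make_frame("ffffffffffff", "02aabbccdd02", 0x0806)),   # ARP broadcast
    (1.2, make_frame("0180c200000e", "02aabbccdd03", 0x88CC)),   # LLDP multicast
    (3.0, make_frame("02aabbccdd09", "02aabbccdd02", 0x0800)),   # flooded IPv4
    (12.0, make_frame("ffffffffffff", "02aabbccdd04", 0x9000)),  # loopback test
]

if __name__ == "__main__":
    print(collect(SAMPLE, OWN_MAC, window=10.0))
```

Each dictionary key is a window index; a notifier would be handed one batch per window rather than one alert per packet.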