Group Based Policy IDS

asked 2015-08-30 16:48:06 -0500

Bo102010 gravatar image

updated 2015-08-31 21:30:09 -0500

Cisco's (Group-Based Policy for OpenStack) describes one use case for GBP networking:

Policy layering: ...layering allows application owners to specify the policy pertaining to an application, while infrastructure owners can prescribe security requirements __such as redirection of traffic to a chain of firewall and intrusion-detection system (IDS) solutions before the traffic is sent to the application.__

One of the accompanying images illustrates this ideas: (image description)

My question is: how does one actually configure an IDS to receive network traffic with GBP? The diagram suggests that there should be a "copy" action, but the (GBP docs) show that there are only "allow" and "redirect" actions.

If the feature has simply not yet been implemented, what is a recommended way to forward application traffic to an IDS?

edit retag flag offensive close merge delete