I'm building a very specific scenario for an IDS load balancer:
At the moment I have a full-duplex network tap, which mirrors my network's traffic into 2 ports -> one port corresponding to the incoming network traffic, and the other port corresponding to the outgoing network traffic.
These two ports connect to my load balancer's interfaces, let's call them in1, in2.
The tricky part comes now. I want to combine these two flows of traffic (in order to have the full traffic flow, incoming and outgoing) and THEN split the combined traffic, so that half of it goes through one interface (out1) and the other half, through another interface (out2).
At the moment I have a bond interface combining in1 and in2, and a bond interface combining out1 and out2. I also have a bridge connecting both bonds.
The problem is that the bridge doesn't forward all my traffic; it receives it, but it only forwards broadcast and ARP packets.
My guess is that this issue is due to the ARP packets, because, as I said, in1 and in2 are like the counterparts of the same traffic flow, and they are likely replying to each other's ARP requests?