The problem with clone pools in AWS is that the packets generated by the clone pool retain the original source and destination IPs but have their MAC address changed in order to deliver the original data to a different layer 2 destination. Unfortunately (in my testing) the AWS fabric drops this traffic, probably because the security groups do stateful inspection and aren't fond of these out-of-state packets.
As a workaround I've attempted to create a GRE tunnel to the destination, as GRE traffic is passed by AWS (if specific caveats are met). However, since the decision to GRE-encapsulate traffic is based on the destination IP in the IP header, this traffic will not traverse the tunnel.
At least this has been my experience so far: I've not been able to get the native GRE tunnel to work in the virtual LTM, and have been forced to use Linux OS GRE tunnels. TMM (I'm assuming) seems to ignore any manual ARP entries I put in to try to force this traffic in the correct direction.
I'm currently looking for other methods to span traffic, but sadly it appears that putting the IDS logically inline may be necessary.
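One way to get mirrored frames into a Linux GRE tunnel without the IP routing decision getting in the way is a tc `mirred` action: it hands a copy of every frame seen on the sniffing interface straight to the tunnel device, so the inner destination IP is never consulted and the outer header is an ordinary GRE packet from the sensor's own address to the IDS. The script below is an added example, not code from the original post or from F5; the interface names and addresses (eth0, gre1, 10.0.1.10, 10.0.2.20) are placeholders, and it assumes the instances' security groups permit IP protocol 47 between the two hosts.

```shell
#!/bin/sh
# Added example: mirror traffic from a sniffing interface into a GRE tunnel
# with tc mirred, so the copy reaches the IDS regardless of the inner dst IP.
# Interface names and IPs below are assumed placeholders, not values from the post.
# Requires root and iproute2 when run for real; DRY_RUN=1 prints the commands instead.

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# Sensor side: the host whose traffic should be copied to the IDS.
#   $1 sniffing interface, $2 tunnel device name, $3 this host's IP, $4 IDS IP
gre_span_sensor_side() {
  sniff_if=$1; tun_if=$2; local_ip=$3; ids_ip=$4
  # L3 GRE tunnel to the IDS. nopmtudisc lets oversized outer packets fragment
  # instead of being dropped (mirrored copies inherit the original frame size).
  run ip tunnel add "$tun_if" mode gre local "$local_ip" remote "$ids_ip" ttl 64 nopmtudisc
  run ip link set "$tun_if" up
  # Copy of every frame arriving on the sniffing interface.
  run tc qdisc add dev "$sniff_if" handle ffff: ingress
  run tc filter add dev "$sniff_if" parent ffff: protocol all u32 match u32 0 0 \
      action mirred egress mirror dev "$tun_if"
  # Copy of every frame leaving the sniffing interface.
  run tc qdisc add dev "$sniff_if" root handle 1: prio
  run tc filter add dev "$sniff_if" parent 1: protocol all u32 match u32 0 0 \
      action mirred egress mirror dev "$tun_if"
}

# IDS side: terminate the tunnel; the IDS then listens on the tunnel device.
#   $1 tunnel device name, $2 IDS IP, $3 sensor IP
gre_span_ids_side() {
  tun_if=$1; ids_ip=$2; sensor_ip=$3
  run ip tunnel add "$tun_if" mode gre local "$ids_ip" remote "$sensor_ip" ttl 64 nopmtudisc
  run ip link set "$tun_if" up
  # Quick check that copies are actually arriving: RX counters on the tunnel device.
  run ip -s link show dev "$tun_if"
}

# Undo the sensor-side tc state and the tunnel.
gre_span_sensor_teardown() {
  sniff_if=$1; tun_if=$2
  run tc qdisc del dev "$sniff_if" ingress
  run tc qdisc del dev "$sniff_if" root
  run ip tunnel del "$tun_if"
}

case "${1:-}" in
  sensor)   gre_span_sensor_side eth0 gre1 10.0.1.10 10.0.2.20 ;;
  ids)      gre_span_ids_side gre1 10.0.2.20 10.0.1.10 ;;
  teardown) gre_span_sensor_teardown eth0 gre1 ;;
esac
```

Run it as `sh span.sh sensor` on the host being mirrored and `sh span.sh ids` on the IDS, then point the IDS (tcpdump, Suricata, Snort) at gre1. Because the copied frames are GRE-encapsulated before they leave the sensor, the only thing the AWS fabric sees is a protocol 47 flow between two instance addresses; the mirrored inner packets, with their original source and destination IPs, are not inspected as their own flow.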