[prev in list] [next in list] [prev in thread] [next in thread]
List: bro
Subject: Re: [Zeek] pf_ring
From: Greg Grasmehr <greg.grasmehr () caltech ! edu>
Date: 2020-07-11 0:39:00
Message-ID: 20200711003900.GF30485 () dakine
[Download RAW message or body]
I'm sorry, s/12/17/ for the Gbps bursts, my bad!
On 07/10/20 17:30:55, Greg Grasmehr wrote:
> Hello Zeek Community,
>
> I know there is a penchant for those in this community to recommend
> af_packet over pf_ring - which is fine, even so, I just want to say
> using pf_ring, especially if you are an EDU, makes perfect sense and it
> is super high performance.
>
> I have set up Zeek monitoring on a single Zeek-in-a-box using Fiberblaze
> FGPA and pf_ring. Zeek is easily keeping up with bursts of traffic up
> to 12 Gbps with very minimal packet loss, less than 1% if I am not
> utilizing Dumbno to shunt traffic, using Dumbno to shunt traffic causes
> Zeek to report increased packet loss which makes perfect sense.
>
> I recommend pf_ring for certain, and if you want to utilize a less
> expensive Intel FGPA; pf_ring ZC.
>
> --
> Sincerely,
>
> Greg Grasmehr
> Lead Information Security Analyst
> California Institute of Technology (Caltech)
> GPGMe: 38E2 F9BD A95E 9824 20AB 331A 9E29 D1A1 AAEE 5F42
> http://keys.gnupg.net/pks/lookup?search=0x9E29D1A1AAEE5F42
> _______________________________________________
> Zeek mailing list
> zeek@zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
_______________________________________________
Zeek mailing list
zeek@zeek.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic