[prev in list] [next in list] [prev in thread] [next in thread]
List: oisf-devel
Subject: Re: [Oisf-devel] Suricata performance in ips-copy mode
From: Eric Leblond <eric () regit ! org>
Date: 2013-06-11 8:08:32
Message-ID: 1370938112.10852.43.camel () ice-age ! regit ! org
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Hi,
Le mardi 11 juin 2013 à 05:23 +0000, Arun Dheena a écrit :
> Hello.
>
> We are trying to measure the performance for suricata in ips-copy mode on Intel \
> (Sandy Bridge 8 core system E5-2670 0 @ 2.60GHz). I have configured suricata with \
> af-packet copy mode as mentioned in the blog here..
> https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/
>
> Attached is the yaml file.
> We are using Ubuntu Linux 3.8.0, with Mellanox adater (irq balance enabled) and \
> suricata version 1.4.2
> Would like to know from the experts :
>
> [1] What is the expected throughput range for 10K HTTP sessions, with zero rules \
> and with all the traffic matches the HOME_NET ? None of the traffic are threat \
> traffic. We are getting around 3Gbps.
I do not have any number for this type of setup. How is the CPU usage
when running the tests ?
> [2] Just a note, we are seeing kernel capture drops with the traffic / \
> configuration as mentioned in [1] for all the threads.
Is the traffic correctly load-balanced between threads ?
> [3] Any other parameter / suggestion that could significantly change the \
> performance for intel in ips-copy mode.
affinity on detect threads (meaning in workers mode treatment threads)
could be set to exclusive and CPUs set to the CPUs on which network card
irq are sent.
Current suricata capabilities for this type of setup is not optimal as
the pearing between receive and send is not done on a per CPU basis. So
there may be some improvement here.
BR,
>
> Thanks Much for the help
> Arun
> _______________________________________________ Suricata IDS Devel mailing list: \
> oisf-devel@openinfosecfoundation.org Site: http://suricata-ids.org | Participate: \
> http://suricata-ids.org/participate/ List: \
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel Redmine: \
> https://redmine.openinfosecfoundation.org/
["signature.asc" (application/pgp-signature)]
_______________________________________________
Suricata IDS Devel mailing list: oisf-devel@openinfosecfoundation.org
Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
Redmine: https://redmine.openinfosecfoundation.org/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic