[Oisf-devel] Cannot saturate bandwidth even with zero rules
Jen-Cheng(Tommy) Huang
thnbp24 at gmail.com
Tue Nov 9 03:21:47 UTC 2010
Hi,
I just tested suricata inline mode without pf_ring feature.
My NIC is intel 1Gbps NIC.
I used netperf TCP_MAERTS as my benchmark.
When I removed all rules, I supposed suricata should run up to 941 Mbps
which was what I observed in snort.
However, I could only see around 700 Mbps. And with the default rule set
which I downloaded from emergingthreats.net, the throughput became 4xx Mbps.
The strange thing was all CPUs were not saturated. (intel core i7).Thus, I
supposed the cpus were not the bottleneck. But why it couldn't saturate the
bandwidth?
Any idea?
Thanks.
Tommy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20101108/f3b4c5ca/attachment-0002.html>
More information about the Oisf-devel
mailing list