[Oisf-devel] Suricata performance in ips-copy mode
Arun Dheena
adheena at tilera.com
Tue Jun 11 05:23:38 UTC 2013
Hello.
We are trying to measure the performance for suricata in ips-copy mode on Intel (Sandy Bridge 8 core system E5-2670 0 @ 2.60GHz).
I have configured suricata with af-packet copy mode as mentioned in the blog here:
https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/
Attached is the yaml file.
We are using Ubuntu Linux 3.8.0, with a Mellanox adapter (irq balance enabled) and suricata version 1.4.2.
Would like to know from the experts:
[1] What is the expected throughput range for 10K HTTP sessions, with zero rules and with all the traffic matching the HOME_NET?
None of the traffic is threat traffic.
We are getting around 3Gbps.
[2] Just a note, we are seeing kernel capture drops with the traffic / configuration as mentioned in [1] for all the threads.
[3] Any other parameter / suggestion that could significantly change the performance for Intel in ips-copy mode.
Thanks much for the help
Arun
-------------- next part --------------
A non-text attachment was scrubbed...
Name: suricata.yaml
Type: application/octet-stream
Size: 39674 bytes
Desc: suricata.yaml
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20130611/6cf3cdd9/attachment-0001.obj>