<div dir="ltr"><div>We just noticed that the 600 requests of a connection were being exhausted (completed) within 230ms (Effective connection time). This gives a 200Mbps data rate at the interface Suricata is monitoring. Hence the high packet drop. The new stats file is attached.<br>
<br>I would still appreciate if someone can recommend any changes to the attached Suricata configuration, specifically for the VM setting I am running the tests in.<br><br></div><div>Thanks again,ted<br></div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Tue, Aug 6, 2013 at 12:23 PM, Theodore Elhourani <span dir="ltr"><<a href="mailto:theodore.elhourani@gmail.com" target="_blank">theodore.elhourani@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi,<br><br></div>I am running tests on a Xen VM to understand the performance of Suricata. The VM has 4 VCPUs and 8GB of memory. Suricata is using afpacket with multiple packet acquisition and detection thread. I am attaching my config file.<br>
<br></div>The http traffic is generated using:<br>httperf --server A.B.C.D --uri /10k.html --num-conn 120 --num-call 600 --timeout 5 --rate 1 --port 80<br><br></div><div>Every second, a single connection is made with 600 requests. The target is then 600 requests/sec. All the requests are successful (see below).<br>
<br><br></div><div>I am seeing a roughly 19% packet drop rate (capture.kernel_drops/capture.kernel_packets), even though CPU utilization and memory are relatively low. The stats file is attached.<br><br>cpu-0 cpu-1 cpu-2 cpu-3 mem tcp.reassembly_gap<br>
61.108% 62.7% 61.616% 70.716% 12.068% 103<br><br></div><div>I would appreciate any pointers to what the problem may be.<br></div><div><br></div><div>Thanks!<br></div><div>Ted<br></div><div><br><br><br>
--------------------------------------------------------------------------------------------------------------------------------------------<br>httperf --server A.B.C.D --uri /10k.html --num-conn 120 --num-call 600 --timeout 5 --rate 1 --port 80<br>
httperf --timeout=5 --client=0/1 --server=A.B.C.D --port=80 --uri=/10k.html --rate=1 --send-buffer=4096 --recv-buffer=16384 --num-conns=120 --num-calls=600<br>Maximum connect burst length: 1<br><br>Total: connections 120 requests 72000 replies 72000 test-duration 119.236 s<br>
<br>Connection rate: 1.0 conn/s (993.6 ms/conn, <=1 concurrent connections)<br>Connection time [ms]: min 223.2 avg 232.3 max 265.8 median 230.5 stddev 6.8<br>Connection time [ms]: connect 0.7<br>Connection length [replies/conn]: 600.000<br>
<br>Request rate: 603.8 req/s (1.7 ms/req)<br>Request size [B]: 70.0<br><br>Reply rate [replies/s]: min 600.0 avg 600.0 max 600.0 stddev 0.0 (23 samples)<br>Reply time [ms]: response 0.4 transfer 0.0<br>Reply size [B]: header 261.0 content 10240.0 footer 0.0 (total 10501.0)<br>
Reply status: 1xx=0 2xx=72000 3xx=0 4xx=0 5xx=0<br><br>CPU time [s]: user 50.64 system 68.58 (user 42.5% system 57.5% total 100.0%)<br>Net I/O: 6233.6 KB/s (51.1*10^6 bps)<br><br>Errors: total 0 client-timo 0 socket-timo 0 connrefused 0 connreset 0<br>
Errors: fd-unavail 0 addrunavail 0 ftab-full 0 other 0<br><br><br><br><br><br></div><div><br><br></div></div>
</blockquote></div><br></div>