<div dir="ltr">Hi Sean.<div><br></div><div>I have two NUMA nodes, and Node 0 is the NICs NUMA node:</div><div><br></div><div><div>NUMA node0 CPU(s): 0,2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38</div><div>NUMA node1 CPU(s): 1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39</div></div><div><br></div><div><div>$ cat /sys/class/net/em1/device/numa_node</div><div>0</div></div><div><br></div><div>So does that mean that I can assign only threads from NUMA node0 to the management-cpu-set and worker-cpu-set, as it's the NICs NUMA node?<br></div><div><br></div><div>
<span style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">I am not able to figure out from Septun doc that what threads/cores would be pinned to which set in cpu-affinity, as you suggested earlier, hence went with "all" in worker and cpu sets by default.</span>
<br></div><div><br></div><div>I will try to update the drivers for the NICs next.</div><div><br></div><div>As for HS, I didn't know about it before, and now that I have already compiled Suricata from source, and do $suricata --buil-info, if shows "Hyperscan support: no".</div><div>Hence assuming that I have to recompile suricata again to get that enabled, which I would not like to do as of now.</div><div><br></div><div><br></div><div>Thanks,</div><div>Fatema.</div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 11, 2018 at 2:19 PM, Cloherty, Sean E <span dir="ltr"><<a href="mailto:scloherty@mitre.org" target="_blank">scloherty@mitre.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="m_-7631524501208533277WordSection1">
<p class="MsoNormal">First get the NUMA node for the CPUs – lscpu should provide that in the last two lines of the output.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Find your NICs NUMA node 1<sup>st</sup> and go from there for affinity settings
<span style="font-size:10.0pt;font-family:Consolas">cat <span style="background:#eff0f1">
/sys/class/net/em1/device/<wbr>numa_node<u></u><u></u></span></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas;background:#eff0f1"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas;background:#eff0f1"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas;background:#eff0f1"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas;background:#eff0f1">Update the drivers for the NIC -
<a href="https://downloadcenter.intel.com/download/24411/Intel-Network-Adapter-Driver-for-PCIe-40-Gigabit-Ethernet-Network-Connections-Under-Linux-?product=82947" target="_blank">
https://downloadcenter.intel.<wbr>com/download/24411/Intel-<wbr>Network-Adapter-Driver-for-<wbr>PCIe-40-Gigabit-Ethernet-<wbr>Network-Connections-Under-<wbr>Linux-?product=82947</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas;background:#eff0f1"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas;background:#eff0f1">(Just remember that you will need to repeat this after any kernel updates)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas;background:#eff0f1"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas;background:#eff0f1"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas;background:#eff0f1"><u></u> <u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><b>From:</b> fatema bannatwala [mailto:<a href="mailto:fatema.bannatwala@gmail.com" target="_blank">fatema.bannatwala@<wbr>gmail.com</a>]
<br>
<b>Sent:</b> Wednesday, July 11, 2018 13:55 PM<span class=""><br>
<b>To:</b> Cloherty, Sean E <<a href="mailto:scloherty@mitre.org" target="_blank">scloherty@mitre.org</a>><br>
</span><b>Cc:</b> <a href="mailto:oisf-users@lists.openinfosecfoundation.org" target="_blank">oisf-users@lists.<wbr>openinfosecfoundation.org</a><span class=""><br>
<b>Subject:</b> Re: [Oisf-users] High Suricata capture.kernel_drops<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Hi Sean,<u></u><u></u></p><div><div class="h5">
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Thanks for some quick points and recommendations.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I will work through those, and see if it helps.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">The documentation refers the tuning assuming two NICs p1p1 and p1p3, which was getting me confused, as I only have single NIC with 20 cores and 40 online threads, so was struggling to set the config options right in the yaml file for cpu_affinity.
I will try the hard coded method instead of all and see if it helps.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Fatema.<u></u><u></u></p>
</div>
</div></div></div>
</div>
</div>
</blockquote></div><br></div>