[Oisf-devel] suricata testing
Victor Julien
victor at inliniac.net
Fri May 14 09:52:56 EDT 2010
rmkml wrote:
> Hi SDT (Suricata Devel Team),
> Im start playing with 16 core server for suricata (v0.9.1pre git12may).
> Im test with sp*rent test center gig and udp only src_port=dst_port=1024, size 1460 (zero filled) at this time on IDS mode.
> system is rhelv5.5i386 without pfring, but in this test, it's not a pb for me.
> network card is internal Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.0.2 (Aug 21, 2009).
>
> 1) with all my personal signatures (+old community rules)
> -- 7565 signatures processed. 8 are IP-only rules, 6567 are inspecting packet payload, 1490 inspect application layer
> result: 1597% cpu (16core), udp frame rate sending by sp*rent 12.668/18.496.000octet/148MBit (15% sending possibility)
> suricata stats.log file:
> decoder.pkts | Decode1 | 4076896
> decoder.pkts_per_sec | Decode1 | 15044.714286
> decoder.bytes | Decode1 | 5935960576
> decoder.bytes_per_sec | Decode1 | 21905104.000000
> decoder.mbit_per_sec | Decode1 | 175.240832
> decoder.ipv4 | Decode1 | 4076896
> decoder.ethernet | Decode1 | 4076896
> decoder.udp | Decode1 | 4076896
> decoder.avg_pkt_size | Decode1 | 1456.000000
> decoder.max_pkt_size | Decode1 | 1456
> (removed all field contains 0)
> top output:
> top - 14:42:59 up 1 day, 22:06, 4 users, load average: 16.36, 13.77, 9.79
> Tasks: 236 total, 2 running, 234 sleeping, 0 stopped, 0 zombie
> Cpu0 : 6.9%us, 13.9%sy, 79.2%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu1 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu2 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu3 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu4 : 99.0%us, 1.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu5 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu6 : 99.0%us, 1.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu7 : 99.0%us, 1.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu8 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu9 : 99.0%us, 1.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu10 : 99.0%us, 1.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu11 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu12 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu13 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu14 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu15 : 95.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 5.0%si, 0.0%st
> Mem: 12464792k total, 12057272k used, 407520k free, 170072k buffers
> Swap: 10482404k total, 2144k used, 10480260k free, 9272564k cached
> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
> 8059 root 15 0 504m 253m 1348 S 1595.9 2.1 119:10.11 suricata
>
> 2) same test without signature on suricata:
> top output:
> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
> 10660 root 15 0 280m 31m 1312 S 88.3 0.3 0:30.11 suricata
>
> 3) suricata without signature receiving 1Gbit rate:
> top output:
> top - 14:55:16 up 1 day, 22:18, 4 users, load average: 4.53, 5.69, 7.99
> Tasks: 236 total, 1 running, 235 sleeping, 0 stopped, 0 zombie
> Cpu0 : 29.4%us, 60.8%sy, 0.0%ni, 9.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu1 : 1.0%us, 12.9%sy, 0.0%ni, 86.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu2 : 0.0%us, 10.9%sy, 0.0%ni, 89.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu3 : 1.0%us, 14.7%sy, 0.0%ni, 84.3%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu4 : 0.0%us, 12.0%sy, 0.0%ni, 88.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu5 : 1.0%us, 12.0%sy, 0.0%ni, 87.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu6 : 0.0%us, 11.0%sy, 0.0%ni, 89.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu7 : 0.0%us, 13.9%sy, 0.0%ni, 86.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu8 : 0.0%us, 11.9%sy, 0.0%ni, 88.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu9 : 0.0%us, 13.1%sy, 0.0%ni, 86.9%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu10 : 1.0%us, 10.9%sy, 0.0%ni, 88.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu11 : 0.0%us, 13.0%sy, 0.0%ni, 87.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu12 : 0.0%us, 12.0%sy, 0.0%ni, 88.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu13 : 1.0%us, 13.9%sy, 0.0%ni, 85.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu14 : 1.0%us, 13.0%sy, 0.0%ni, 86.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
> Cpu15 : 0.0%us, 13.1%sy, 0.0%ni, 72.7%id, 0.0%wa, 0.0%hi, 14.1%si, 0.0%st
> Mem: 12464792k total, 11836420k used, 628372k free, 170492k buffers
> Swap: 10482404k total, 2144k used, 10480260k free, 9273984k cached
> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
> 10660 root 15 0 280m 31m 1312 S 284.3 0.3 10:42.76 suricata
> suricata stats.log file:
> decoder.pkts | Decode1 | 27887010
> decoder.pkts_per_sec | Decode1 | 126469.500000
> decoder.bytes | Decode1 | 40603486560
> decoder.bytes_per_sec | Decode1 | 184139592.000000
> decoder.mbit_per_sec | Decode1 | 1473.116736
> decoder.ipv4 | Decode1 | 27887010
> decoder.ethernet | Decode1 | 27887010
> decoder.udp | Decode1 | 27887010
> decoder.avg_pkt_size | Decode1 | 1456.000000
> decoder.max_pkt_size | Decode1 | 1456
Interesting numbers rmkml, thanks. The pkts_per_sec, bytes_per_sec and
mbit_per_sec counters are completely unreliable at this point, fixing
them is still on our todo list.
Did both test runs send the same amount of packets? I see that the sigs
run did 4M packets, the bare run 27M.
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list