[Oisf-devel] suricata testing

Will Metcalf william.metcalf at gmail.com
Fri May 14 13:51:10 UTC 2010


To be completely truthful, we know that we have some performance
optimization stuff to do, as up to this point we have been more focused
on accuracy. With that said, would you mind sharing the ruleset
that you used with us off-list so that we can recreate your test?
Victor is telling me that currently decoder.mbit_per_sec is
unreliable, so we will probably remove this stat until it is fixed.

Regards,

Will

On Fri, May 14, 2010 at 6:13 AM, rmkml <rmkml at free.fr> wrote:
> Hi SDT (Suricata Devel Team),
> I'm starting to play with a 16-core server for suricata (v0.9.1pre git12may).
> I'm testing with sp*rent test center gig, UDP only, src_port=dst_port=1024, size 1460 (zero filled), at this time in IDS mode.
> The system is rhelv5.5i386 without pfring, but in this test it's not a problem for me.
> The network card is the internal Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.0.2 (Aug 21, 2009).
>
> 1) with all my personal signatures (+old community rules)
> -- 7565 signatures processed. 8 are IP-only rules, 6567 are inspecting packet payload, 1490 inspect application layer
> result: 1597% cpu (16core), udp frame rate sent by sp*rent 12.668/18.496.000octet/148MBit (15% sending possibility)
> suricata stats.log file:
>  decoder.pkts              | Decode1             | 4076896
>  decoder.pkts_per_sec      | Decode1             | 15044.714286
>  decoder.bytes             | Decode1             | 5935960576
>  decoder.bytes_per_sec     | Decode1             | 21905104.000000
>  decoder.mbit_per_sec      | Decode1             | 175.240832
>  decoder.ipv4              | Decode1             | 4076896
>  decoder.ethernet          | Decode1             | 4076896
>  decoder.udp               | Decode1             | 4076896
>  decoder.avg_pkt_size      | Decode1             | 1456.000000
>  decoder.max_pkt_size      | Decode1             | 1456
>  (removed all fields containing 0)
> top output:
>  top - 14:42:59 up 1 day, 22:06, 4 users, load average: 16.36, 13.77, 9.79
>  Tasks: 236 total,   2 running, 234 sleeping,   0 stopped,   0 zombie
>  Cpu0  :  6.9%us, 13.9%sy, 79.2%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu1  :100.0%us,  0.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu2  :100.0%us,  0.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu3  :100.0%us,  0.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu4  : 99.0%us,  1.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu5  :100.0%us,  0.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu6  : 99.0%us,  1.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu7  : 99.0%us,  1.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu8  :100.0%us,  0.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu9  : 99.0%us,  1.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu10 : 99.0%us,  1.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu11 :100.0%us,  0.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu12 :100.0%us,  0.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu13 :100.0%us,  0.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu14 :100.0%us,  0.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
>  Cpu15 : 95.0%us,  0.0%sy,  0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 5.0%si, 0.0%st
>  Mem:  12464792k total, 12057272k used,   407520k free,   170072k buffers
>  Swap: 10482404k total,     2144k used, 10480260k free,  9272564k cached
>   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
>  8059 root      15   0  504m 253m 1348 S 1595.9  2.1 119:10.11 suricata
>
> 2) same test without signatures on suricata:
> top output:
>    PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
>  10660 root      15   0  280m  31m 1312 S 88.3  0.3   0:30.11 suricata
>
> 3) suricata without signatures receiving 1Gbit rate:
> top output:
>  top - 14:55:16 up 1 day, 22:18,  4 users,  load average: 4.53, 5.69, 7.99
>  Tasks: 236 total,   1 running, 235 sleeping,   0 stopped,   0 zombie
>  Cpu0  : 29.4%us, 60.8%sy, 0.0%ni,  9.8%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu1  :  1.0%us, 12.9%sy, 0.0%ni, 86.1%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu2  :  0.0%us, 10.9%sy, 0.0%ni, 89.1%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu3  :  1.0%us, 14.7%sy, 0.0%ni, 84.3%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu4  :  0.0%us, 12.0%sy, 0.0%ni, 88.0%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu5  :  1.0%us, 12.0%sy, 0.0%ni, 87.0%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu6  :  0.0%us, 11.0%sy, 0.0%ni, 89.0%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu7  :  0.0%us, 13.9%sy, 0.0%ni, 86.1%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu8  :  0.0%us, 11.9%sy, 0.0%ni, 88.1%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu9  :  0.0%us, 13.1%sy, 0.0%ni, 86.9%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu10 :  1.0%us, 10.9%sy, 0.0%ni, 88.1%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu11 :  0.0%us, 13.0%sy, 0.0%ni, 87.0%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu12 :  0.0%us, 12.0%sy, 0.0%ni, 88.0%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu13 :  1.0%us, 13.9%sy, 0.0%ni, 85.1%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu14 :  1.0%us, 13.0%sy, 0.0%ni, 86.0%id, 0.0%wa, 0.0%hi,  0.0%si, 0.0%st
>  Cpu15 :  0.0%us, 13.1%sy, 0.0%ni, 72.7%id, 0.0%wa, 0.0%hi, 14.1%si, 0.0%st
> Mem:  12464792k total, 11836420k used,   628372k free,   170492k buffers
> Swap: 10482404k total,     2144k used, 10480260k free,  9273984k cached
>   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
> 10660 root      15   0  280m  31m 1312 S 284.3  0.3  10:42.76 suricata
> suricata stats.log file:
>  decoder.pkts              | Decode1             | 27887010
>  decoder.pkts_per_sec      | Decode1             | 126469.500000
>  decoder.bytes             | Decode1             | 40603486560
>  decoder.bytes_per_sec     | Decode1             | 184139592.000000
>  decoder.mbit_per_sec      | Decode1             | 1473.116736
>  decoder.ipv4              | Decode1             | 27887010
>  decoder.ethernet          | Decode1             | 27887010
>  decoder.udp               | Decode1             | 27887010
>  decoder.avg_pkt_size      | Decode1             | 1456.000000
>  decoder.max_pkt_size      | Decode1             | 1456
>
> Regards
> Rmkml
>
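
A sanity check on the stats.log counters quoted above, as an added example that is not part of the original thread or of Suricata: it parses the `counter | thread | value` rows, recomputes the derived rates, and flags a reported rate above the link speed. The 1000 Mbit/s link capacity, the 1% tolerance and the function names are assumptions; a flag only shows the counters cannot all be right, not which one is wrong.

```python
# Added example (not from the thread): sanity-check stats.log rate counters.
# Rows below are the "1Gbit" run quoted above; LINK_MBIT is an assumption.
SAMPLE = """\
> decoder.pkts_per_sec      | Decode1             | 126469.500000
> decoder.bytes_per_sec     | Decode1             | 184139592.000000
> decoder.mbit_per_sec      | Decode1             | 1473.116736
> decoder.avg_pkt_size      | Decode1             | 1456.000000
"""
LINK_MBIT = 1000.0  # assumed capacity of the gigabit capture interface


def parse_stats(text):
    """Parse 'counter | thread | value' rows into {(counter, thread): float}."""
    stats = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.lstrip("> ").split("|")]
        if len(parts) != 3:
            continue  # separator line or free text
        try:
            stats[(parts[0], parts[1])] = float(parts[2])
        except ValueError:
            continue  # row whose value column is not numeric (e.g. a header)
    return stats


def check_rates(stats, thread="Decode1", link_mbit=LINK_MBIT, tol=0.01):
    """Return (code, detail) findings for rate counters that disagree."""
    def get(name):
        return stats.get(("decoder." + name, thread))

    findings = []
    bps, mbit = get("bytes_per_sec"), get("mbit_per_sec")
    pps, avg = get("pkts_per_sec"), get("avg_pkt_size")
    if bps is not None and mbit is not None:
        derived = bps * 8 / 1e6  # Mbit/s implied by bytes_per_sec
        if abs(derived - mbit) > tol * max(derived, 1.0):
            findings.append(("mbit_mismatch", f"{mbit} vs derived {derived:.3f}"))
    if bps is not None and pps is not None and avg is not None:
        if abs(pps * avg - bps) > tol * max(bps, 1.0):
            findings.append(("bytes_mismatch", f"{bps} vs pps*avg {pps * avg:.0f}"))
    if mbit is not None and mbit > link_mbit:
        findings.append(("rate_above_link", f"{mbit} Mbit/s > {link_mbit} Mbit/s"))
    return findings


if __name__ == "__main__":
    for code, detail in check_rates(parse_stats(SAMPLE)):
        print(code, detail)
```

On the quoted 1Gbit run the three rate counters agree with each other, yet the reported rate is above what the assumed gigabit link can carry.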


