[Oisf-users] For those who haven't read this

Will Metcalf william.metcalf at gmail.com
Wed Jul 21 20:02:34 UTC 2010


Aside from that, we also support in-kernel load balancing via PF_RING.
You have the option of specifying the way in which it load balances, on
a per-flow or round-robin basis.  Basically, Suricata allows you to set
a cluster-id and then packets are load balanced across
threads/processes with the same cluster-id.

Regards,

Will

On Wed, Jul 21, 2010 at 1:58 PM, Robert Vineyard
<robert.vineyard at oit.gatech.edu> wrote:
> http://vrt-sourcefire.blogspot.com/2010/06/single-threaded-data-processing.html
>
> Here's another link (a writeup by Marty Roesch of Sourcefire) referenced
> from the article you mentioned.
>
> In light of this discussion, does OISF / Suricata have a response to
> Sourcefire's critique of a multi-threaded engine model that uses several
> threads to process the same data simultaneously? It seems to me that the
> most efficient way to do things would be to have a front-end load-balancer
> that could distribute the traffic to multiple back-end threads or processes
> that would each operate on independent data streams. This is the strategy
> employed by Endace and others to accomplish high-throughput IDS inspection.
> On a related note, are there any plans to implement native acceleration
> support for other vendors besides Endace (in particular Napatech / nPulse)?
>
> Thanks!
>
> --
> [ Robert Vineyard | RHCE, Security+ ]    [ robert.vineyard at oit.gatech.edu  ]
> [ Information Security Engineer III ]    [ 404.385.6900 | FAX 404.894.9548 ]
> [Finding a needle in a haystack isn't hard when every straw is computerized]
>
>
> On 07/21/2010 07:05 AM, Kevin Ross wrote:
>> http://vrt-sourcefire.blogspot.com/2010/07/innovation-you-keep-using-that-word.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Vrt+(Sourcefire+VRT+-+Vulnerability+Research%2C+Snort+Rules+and+Explosions)
>>
>>
>>
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
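
The two balancing modes named in the reply above, as an added example that is not part of the original message and is not Suricata or PF_RING code: it distributes a constructed packet list across four hypothetical workers and reports which flows end up split across workers. The CRC32 over a direction-independent 5-tuple is a stand-in for the kernel's flow hash, chosen only so the result is deterministic.

```python
import zlib
from collections import defaultdict
from itertools import cycle

# Constructed sample traffic: (src_ip, src_port, dst_ip, dst_port, proto)
PACKETS = [
    ("10.0.0.5", 40000, "192.0.2.10", 80, "tcp"),   # flow A, client -> server
    ("192.0.2.10", 80, "10.0.0.5", 40000, "tcp"),   # flow A, server -> client
    ("10.0.0.6", 40001, "192.0.2.10", 443, "tcp"),  # flow B, client -> server
    ("10.0.0.5", 40000, "192.0.2.10", 80, "tcp"),   # flow A, client -> server
    ("192.0.2.10", 443, "10.0.0.6", 40001, "tcp"),  # flow B, server -> client
    ("10.0.0.7", 5353, "192.0.2.53", 53, "udp"),    # flow C, query
    ("192.0.2.53", 53, "10.0.0.7", 5353, "udp"),    # flow C, response
]

def flow_key(pkt):
    """Direction-independent key: both halves of a conversation map to it."""
    src, sport, dst, dport, proto = pkt
    low, high = sorted([(src, sport), (dst, dport)])
    return (low, high, proto)

def per_flow(packets, workers):
    """Per-flow mode: the worker is a function of the flow key only."""
    seen = defaultdict(set)
    for pkt in packets:
        key = flow_key(pkt)
        seen[key].add(zlib.crc32(repr(key).encode()) % workers)
    return seen

def round_robin(packets, workers):
    """Round-robin mode: the worker depends only on arrival order."""
    seen = defaultdict(set)
    turn = cycle(range(workers))
    for pkt in packets:
        seen[flow_key(pkt)].add(next(turn))
    return seen

def split_flows(assignment):
    """Flows whose packets were handled by more than one worker."""
    return sorted(key for key, ws in assignment.items() if len(ws) > 1)

if __name__ == "__main__":
    for name, mode in (("per-flow", per_flow), ("round-robin", round_robin)):
        broken = split_flows(mode(PACKETS, 4))
        print(f"{name}: {len(broken)} of 3 flows split across workers")
```

A flow split across workers means no single worker sees the whole conversation, which matters for any detection that depends on stream reassembly or per-flow state.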


