[Oisf-users] Suricata on 8 cores, ~70K packets/sec
Eric Leblond
eric at regit.org
Tue Feb 15 18:54:12 EST 2011
Hi,
Le mardi 15 février 2011 à 20:19 +0000, Chris Wakelin a écrit :
> On 15/02/11 20:01, Victor Julien wrote:
> >
> > If this is the case pfring is your friend. It allows you to have
> > multiple reader threads that get packets from the kernel. Pfring has
> > several ways of dividing packets over the readers. I'd be interested to
> > see what happens with a run mode where we'd have cores/2 pfring readers
> > with each 2 or 3 processing threads.
> >
> > Cheers,
> > Victor
> >
>
> Yes, I was wondering whether Eric's benchmarking gave rather different
> results reading a pcap file, compared to using PF_RING on a live stream
> as it splits up the data for you in the kernel. I guess you need a
> traffic generator to repeatedly stream the same pcap file to test.
>
> Having said that, two detect threads (8*0.25) seems fine for the
> students, so far.
I've continue my test and it seems switching to RunModeFilePcapAutoFp is
a good choice:
http://home.regit.org/?p=467
BR,
--
Eric Leblond <eric at regit.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
Url : http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110216/a4d9c87c/attachment.bin
More information about the Oisf-users
mailing list