[Oisf-users] Hardware considerations
Christophe Vandeplas
christophe at vandeplas.com
Thu Jan 5 07:21:49 UTC 2012
On Wed, Jan 4, 2012 at 4:48 PM, Jonathan Ben-Joseph <jbenjos at gmail.com> wrote:
> Hello folks,
>
>
> First time poster here, long time lurker.
>
>
> Any suggestions on what kind of hardware should be utilized to run Suricata
> effectively considering something like 500 Mbps of sustained traffic? What
> RAM, CPU, etc. would be sufficient?
Also don't forget scaling your network cards appropriately.
If you consider mirroring a 1Gbps network port you will need two 1
Gbps NICS, one for inbound traffic and one for outbound traffic.
The combination of full-duplex and tcp-window scaling results in peaks
above 1Gbps ( 1Gbps in + 1Gbps out = max 2Gbps), even if you're only
sniffing an average of 10 or 100 Mbps.
So your machine will probably need (2*N + 1) NICS, one for management
and two for each sniffing.
> Thanks,
>
> Jonathan
>
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
More information about the Oisf-users
mailing list