> My rule of thumb is one CPU per 100 Mb/sec and 2 GB RAM per 1000
> rules.  So, you could monitor 100 Mb/sec using a ruleset of 1000 rules
> on a single CPU with 2 GB RAM.  Assuming you want to run a large
> ruleset of 8000 rules on 500 Mb/sec, you'll need 5 CPUs and 16 GB
> RAM.  So, I'd go with at least a 6-core CPU and as much RAM as you can
> stuff in there.  CPU and RAM are so cheap now, that the short answer
> is always buy as much as you can.  We run Dell R710s which are fully
> loaded with 16 logical CPU, 144 GB RAM and 10 TB usable disk, and we
> got them for under $15k.  You can go on Newegg and put together a
> pretty awesome system for under $5k, so it's really more about systems
> management requirements than hardware specs.  Granted, disk prices are
> up in the air now due to the Thai floods, but CPU/RAM are still
> incredibly commoditized.

I have never thoroughly benched the impact of hyper-threading beyond "it
helps performance somewhat". For Suricata it's definitely not a full
core, but enabling hyper-threading does improve things overall. Has
anyone done any real measurements with and without it?

