[Oisf-users] Hardware Acceleration / Suricata

Randy Caldejon randy at packetchaser.org
Wed May 1 00:34:30 UTC 2013


Hi Dan,

nPulse, which is the company that I am associated with, implemented and contributed the support for Napatech adapters.   It is part of the main branch and available to all.  I believe the same is true for Endace.   

As a side note, Tom DeCanio, who use to worked for Tilera (now is with nPulse) also did a port for Tilera (www.tilera.com).    I believe that code will be making it's way to the main branch eventually.

-- Randy

[ email: randy at packetchaser.org | http://packetchaser.org | twitter: @packetchaser ]


On Apr 30, 2013, at 4:35 PM, Dan Murphy <dmurphy at defense.net> wrote:

> And I would add to that...  It would be handy to know which vendors force you into their own branch of suricata hence losing you the freedom to download the latest version and recompile features in as needed.
> 
> 
> Thanks,
> Dan
> 
> 
> 
> On Tue, Apr 30, 2013 at 4:32 PM, Dan Murphy <dmurphy at defense.net> wrote:
> 1.) IDS
> 
> 2.) I'm not worried about price as that's usually different depending on your purchasing power anyway
> 
> 3.) I looked into the GPU / CUDA stuff and it seemed to me ( anyone feel free to correct me ) consensus was that it wasn't really much of a gain in performance at this point and probably wasn't ready for primetime...  I'm eager to be proven wrong on that though ;)
> 
> 
> Thanks,
> Dan 
> 
> 
> 
> On Tue, Apr 30, 2013 at 4:25 PM, rmkml <rmkml at yahoo.fr> wrote:
> Hi Dan,
> 
> First thx for all community devs/users.
> 
> That a very (old) good question! (hardware/software)
> 
> Depend if you need IDS or IPS/inline mode...
> 
> hardware accelerated / software accelerated = comparing price/results ?
> 
> software with like pfring/afpacket and suricata = around 10Gbps in IDS mode on classical x86_64 cpus...
> 
> or hardware (40Gbps) libpcap accelerated like endace/emulex or napatech or npulse ... (+x86_64 cpus)
> 
> or full hardware accelerated like tilera TILExtreme-Gx at 160Gbps... (all not tested)
> 
> Futur: Suricata accelerated by GPU ?
> 
> Regards
> Rmkml
> 
> https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/
> http://packetchaser.org/index.php/opensource/suricata-10gbps
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Endace_DAG
> http://suricata-ids.org/2012/12/21/oisf-welcomes-tilera-as-a-gold-level-consortium-member/
> 
> 
> 
> On Tue, 30 Apr 2013, Dan Murphy wrote:
> 
> I'd be interested to know how the experiences have been of those of you running a hardware accelerated Suricata .. be it via napatech, endace etc...  What kind of rates you're getting ( yes I realize that
> greatly depends on ruleset any data is more then the zero data I have now).  What exactly is accelerated ( like is it just pcap or pattern matching as well ).  
> I guess .. any recommendations in general would be greatly appreciated. 
> 
> 
> cheers,
> Dan
> 
> 
> 
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/







More information about the Oisf-users mailing list