[Oisf-users] Hardware Acceleration / Suricata

Dan Murphy dmurphy at defense.net
Tue Apr 30 20:32:54 UTC 2013 

1.) IDS

2.) I'm not worried about price as that's usually different depending on
your purchasing power anyway

3.) I looked into the GPU / CUDA stuff and it seemed to me ( anyone feel
free to correct me ) consensus was that it wasn't really much of a gain in
performance at this point and probably wasn't ready for primetime...  I'm
eager to be proven wrong on that though ;)


Thanks,
Dan



On Tue, Apr 30, 2013 at 4:25 PM, rmkml <rmkml at yahoo.fr> wrote:

> Hi Dan,
>
> First thx for all community devs/users.
>
> That a very (old) good question! (hardware/software)
>
> Depend if you need IDS or IPS/inline mode...
>
> hardware accelerated / software accelerated = comparing price/results ?
>
> software with like pfring/afpacket and suricata = around 10Gbps in IDS
> mode on classical x86_64 cpus...
>
> or hardware (40Gbps) libpcap accelerated like endace/emulex or napatech or
> npulse ... (+x86_64 cpus)
>
> or full hardware accelerated like tilera TILExtreme-Gx at 160Gbps... (all
> not tested)
>
> Futur: Suricata accelerated by GPU ?
>
> Regards
> Rmkml
>
> https://home.regit.org/2012/**07/suricata-to-10gbps-and-**beyond/<https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/>
> http://packetchaser.org/index.**php/opensource/suricata-10gbps<http://packetchaser.org/index.php/opensource/suricata-10gbps>
> https://redmine.**openinfosecfoundation.org/**
> projects/suricata/wiki/Endace_**DAG<https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Endace_DAG>
> http://suricata-ids.org/2012/**12/21/oisf-welcomes-tilera-as-**
> a-gold-level-consortium-**member/<http://suricata-ids.org/2012/12/21/oisf-welcomes-tilera-as-a-gold-level-consortium-member/>
>
>
>
> On Tue, 30 Apr 2013, Dan Murphy wrote:
>
>  I'd be interested to know how the experiences have been of those of you
>> running a hardware accelerated Suricata .. be it via napatech, endace
>> etc...  What kind of rates you're getting ( yes I realize that
>> greatly depends on ruleset any data is more then the zero data I have
>> now).  What exactly is accelerated ( like is it just pcap or pattern
>> matching as well ).
>> I guess .. any recommendations in general would be greatly appreciated.
>>
>>
>> cheers,
>> Dan
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130430/173d15ce/attachment-0002.html>

More information about the Oisf-users mailing list