[Oisf-users] Hardware Acceleration / Suricata
Dan Murphy
dmurphy at defense.net
Tue Apr 30 20:35:45 UTC 2013
And I would add to that... It would be handy to know which vendors force
you into their own branch of suricata hence losing you the freedom to
download the latest version and recompile features in as needed.
Thanks,
Dan
On Tue, Apr 30, 2013 at 4:32 PM, Dan Murphy <dmurphy at defense.net> wrote:
> 1.) IDS
>
> 2.) I'm not worried about price as that's usually different depending on
> your purchasing power anyway
>
> 3.) I looked into the GPU / CUDA stuff and it seemed to me ( anyone feel
> free to correct me ) consensus was that it wasn't really much of a gain in
> performance at this point and probably wasn't ready for primetime... I'm
> eager to be proven wrong on that though ;)
>
>
> Thanks,
> Dan
>
>
>
> On Tue, Apr 30, 2013 at 4:25 PM, rmkml <rmkml at yahoo.fr> wrote:
>
>> Hi Dan,
>>
>> First thx for all community devs/users.
>>
>> That a very (old) good question! (hardware/software)
>>
>> Depend if you need IDS or IPS/inline mode...
>>
>> hardware accelerated / software accelerated = comparing price/results ?
>>
>> software with like pfring/afpacket and suricata = around 10Gbps in IDS
>> mode on classical x86_64 cpus...
>>
>> or hardware (40Gbps) libpcap accelerated like endace/emulex or napatech
>> or npulse ... (+x86_64 cpus)
>>
>> or full hardware accelerated like tilera TILExtreme-Gx at 160Gbps... (all
>> not tested)
>>
>> Futur: Suricata accelerated by GPU ?
>>
>> Regards
>> Rmkml
>>
>> https://home.regit.org/2012/**07/suricata-to-10gbps-and-**beyond/<https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/>
>> http://packetchaser.org/index.**php/opensource/suricata-10gbps<http://packetchaser.org/index.php/opensource/suricata-10gbps>
>> https://redmine.**openinfosecfoundation.org/**
>> projects/suricata/wiki/Endace_**DAG<https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Endace_DAG>
>> http://suricata-ids.org/2012/**12/21/oisf-welcomes-tilera-as-**
>> a-gold-level-consortium-**member/<http://suricata-ids.org/2012/12/21/oisf-welcomes-tilera-as-a-gold-level-consortium-member/>
>>
>>
>>
>> On Tue, 30 Apr 2013, Dan Murphy wrote:
>>
>> I'd be interested to know how the experiences have been of those of you
>>> running a hardware accelerated Suricata .. be it via napatech, endace
>>> etc... What kind of rates you're getting ( yes I realize that
>>> greatly depends on ruleset any data is more then the zero data I have
>>> now). What exactly is accelerated ( like is it just pcap or pattern
>>> matching as well ).
>>> I guess .. any recommendations in general would be greatly appreciated.
>>>
>>>
>>> cheers,
>>> Dan
>>>
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130430/3888abc6/attachment-0002.html>
More information about the Oisf-users
mailing list