[Oisf-users] performance on VM

Theodore Elhourani theodore.elhourani at gmail.com
Wed Aug 7 00:17:56 UTC 2013 

We just noticed that the 600 requests of a connection were being exhausted
(completed) within 230ms (Effective connection time). This gives a 200Mbps
data rate at the interface Suricata is monitoring. Hence the high packet
drop. The new stats file is attached.

I would still appreciate if someone can recommend any changes to the
attached Suricata configuration, specifically for the VM setting I am
running the tests in.

Thanks again,ted


On Tue, Aug 6, 2013 at 12:23 PM, Theodore Elhourani <
theodore.elhourani at gmail.com> wrote:

> Hi,
>
> I am running tests on a Xen VM to understand the performance of Suricata.
> The VM has 4 VCPUs and 8GB of memory. Suricata is using afpacket with
> multiple packet acquisition and detection thread. I am attaching my config
> file.
>
> The http traffic is generated using:
> httperf --server A.B.C.D --uri /10k.html --num-conn 120 --num-call 600
> --timeout 5 --rate 1 --port 80
>
> Every second, a single connection is made with 600 requests. The target is
> then 600 requests/sec. All the requests are successful (see below).
>
>
> I am seeing a roughly 19% packet drop rate
> (capture.kernel_drops/capture.kernel_packets), even though CPU utilization
> and memory are relatively low. The stats file is attached.
>
> cpu-0         cpu-1        cpu-2         cpu-3          mem
> tcp.reassembly_gap
> 61.108%     62.7%       61.616%    70.716%    12.068%     103
>
> I would appreciate any pointers to what the problem may be.
>
> Thanks!
> Ted
>
>
>
>
> --------------------------------------------------------------------------------------------------------------------------------------------
> httperf --server A.B.C.D --uri /10k.html --num-conn 120 --num-call 600
> --timeout 5 --rate 1 --port 80
> httperf --timeout=5 --client=0/1 --server=A.B.C.D --port=80
> --uri=/10k.html --rate=1 --send-buffer=4096 --recv-buffer=16384
> --num-conns=120 --num-calls=600
> Maximum connect burst length: 1
>
> Total: connections 120 requests 72000 replies 72000 test-duration 119.236 s
>
> Connection rate: 1.0 conn/s (993.6 ms/conn, <=1 concurrent connections)
> Connection time [ms]: min 223.2 avg 232.3 max 265.8 median 230.5 stddev 6.8
> Connection time [ms]: connect 0.7
> Connection length [replies/conn]: 600.000
>
> Request rate: 603.8 req/s (1.7 ms/req)
> Request size [B]: 70.0
>
> Reply rate [replies/s]: min 600.0 avg 600.0 max 600.0 stddev 0.0 (23
> samples)
> Reply time [ms]: response 0.4 transfer 0.0
> Reply size [B]: header 261.0 content 10240.0 footer 0.0 (total 10501.0)
> Reply status: 1xx=0 2xx=72000 3xx=0 4xx=0 5xx=0
>
> CPU time [s]: user 50.64 system 68.58 (user 42.5% system 57.5% total
> 100.0%)
> Net I/O: 6233.6 KB/s (51.1*10^6 bps)
>
> Errors: total 0 client-timo 0 socket-timo 0 connrefused 0 connreset 0
> Errors: fd-unavail 0 addrunavail 0 ftab-full 0 other 0
>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130806/30af6e7f/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stats-new.log
Type: application/octet-stream
Size: 139039 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130806/30af6e7f/attachment-0002.obj>

More information about the Oisf-users mailing list