[Oisf-users] performance on VM
Duarte Silva
duarte.silva at serializing.me
Wed Aug 7 08:18:42 UTC 2013
Hi Theodore,
tuning Suricata in a VM is no different from a bare hardware solution. The
same basic principles apply. You can check this thread [1], it contains a lot
of pointers.
There isn't a recipe though, every setup is different, but usually after
fiddling for some time you will get it right :D
Best regards,
Duarte
[1] http://comments.gmane.org/gmane.comp.security.ids.oisf.user/2710
On Tuesday 06 August 2013 12:23:32 Theodore Elhourani wrote:
> Hi,
>
> I am running tests on a Xen VM to understand the performance of Suricata.
> The VM has 4 VCPUs and 8GB of memory. Suricata is using afpacket with
> multiple packet acquisition and detection threads. I am attaching my config
> file.
>
> The http traffic is generated using:
> httperf --server A.B.C.D --uri /10k.html --num-conn 120 --num-call 600
> --timeout 5 --rate 1 --port 80
>
> Every second, a single connection is made with 600 requests. The target is
> then 600 requests/sec. All the requests are successful (see below).
>
>
> I am seeing a roughly 19% packet drop rate
> (capture.kernel_drops/capture.kernel_packets), even though CPU utilization
> and memory are relatively low. The stats file is attached.
>
> cpu-0    cpu-1  cpu-2    cpu-3    mem      tcp.reassembly_gap
> 61.108%  62.7%  61.616%  70.716%  12.068%  103
>
> I would appreciate any pointers to what the problem may be.
>
> Thanks!
> Ted
>
>
>
> ----------------------------------------------------------------------------
> httperf --server A.B.C.D --uri /10k.html --num-conn 120 --num-call 600 --timeout 5 --rate 1 --port 80
> httperf --timeout=5 --client=0/1 --server=A.B.C.D --port=80 --uri=/10k.html --rate=1 --send-buffer=4096 --recv-buffer=16384 --num-conns=120 --num-calls=600
> Maximum connect burst length: 1
>
> Total: connections 120 requests 72000 replies 72000 test-duration 119.236 s
>
> Connection rate: 1.0 conn/s (993.6 ms/conn, <=1 concurrent connections)
> Connection time [ms]: min 223.2 avg 232.3 max 265.8 median 230.5 stddev 6.8
> Connection time [ms]: connect 0.7
> Connection length [replies/conn]: 600.000
>
> Request rate: 603.8 req/s (1.7 ms/req)
> Request size [B]: 70.0
>
> Reply rate [replies/s]: min 600.0 avg 600.0 max 600.0 stddev 0.0 (23 samples)
> Reply time [ms]: response 0.4 transfer 0.0
> Reply size [B]: header 261.0 content 10240.0 footer 0.0 (total 10501.0)
> Reply status: 1xx=0 2xx=72000 3xx=0 4xx=0 5xx=0
>
> CPU time [s]: user 50.64 system 68.58 (user 42.5% system 57.5% total 100.0%)
> Net I/O: 6233.6 KB/s (51.1*10^6 bps)
>
> Errors: total 0 client-timo 0 socket-timo 0 connrefused 0 connreset 0
> Errors: fd-unavail 0 addrunavail 0 ftab-full 0 other 0
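
The ratio quoted above (capture.kernel_drops/capture.kernel_packets) can be computed from a stats.log as in the following added example, which is not code from this thread or from Suricata. It assumes the pipe-separated "Counter | TM Name | Value" layout; the sample dumps, thread names and values are constructed, and because the counters are cumulative it also rates a single interval between two dumps, such as the test window.

```python
import re
from collections import defaultdict
# Constructed sample in the assumed stats.log layout (all values made up).
SAMPLE = """\
-------------------------------------------------------------------
Date: 8/6/2013 -- 12:21:32 (uptime: 0d, 00h 01m 00s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | AFPacketeth01             | 40000
capture.kernel_drops      | AFPacketeth01             | 2000
capture.kernel_packets    | AFPacketeth02             | 60000
capture.kernel_drops      | AFPacketeth02             | 8000
-------------------------------------------------------------------
Date: 8/6/2013 -- 12:22:32 (uptime: 0d, 00h 02m 00s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | AFPacketeth01             | 100000
capture.kernel_drops      | AFPacketeth01             | 14000
capture.kernel_packets    | AFPacketeth02             | 100000
capture.kernel_drops      | AFPacketeth02             | 24000
tcp.reassembly_gap        | Detect                    | 103
"""

# Data rows only: the "Counter | TM Name | Value" header has no numeric value.
ROW = re.compile(r"^(\S+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")

def parse_dumps(text):
    """Return one {counter: {thread: value}} dict per 'Date:' block."""
    dumps = []
    for line in text.splitlines():
        if line.startswith("Date:"):
            dumps.append(defaultdict(dict))
        elif dumps and (m := ROW.match(line)):
            dumps[-1][m.group(1)][m.group(2)] = int(m.group(3))
    return dumps

def drop_rate(dump, earlier=None):
    """Drops/packets over all capture threads; pass `earlier` to rate one interval."""
    def total(d, name):
        return sum(d.get(name, {}).values()) if d else 0
    pkts = total(dump, "capture.kernel_packets") - total(earlier, "capture.kernel_packets")
    drops = total(dump, "capture.kernel_drops") - total(earlier, "capture.kernel_drops")
    return drops / pkts if pkts > 0 else 0.0

def per_thread(dump):
    """Cumulative drop rate per capture thread, to spot one overloaded thread."""
    pk, dr = dump.get("capture.kernel_packets", {}), dump.get("capture.kernel_drops", {})
    return {t: dr.get(t, 0) / n for t, n in pk.items() if n}
```

On the constructed sample the cumulative rate is 19% while the second interval alone is 28%, and the per-thread view shows the drops are not spread evenly across the capture threads.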