[Oisf-users] Tuning Suricata (2.0beta1) -- no rules and lots of packet loss

Duarte Silva duarte.silva at serializing.me
Wed Aug 21 20:17:18 UTC 2013


From my experience, I had to change the irqbalance
(/etc/sysconfig/irqbalance file on RHEL) parameters to ignore the IRQs
related to the Ethernet card queues (option --banirq if I'm not
mistaken). Otherwise, it would overwrite the affinity settings I defined.

On 21 Aug 2013 21:10, "Cooper F. Nelson" <cnelson at ucsd.edu> wrote:
>
> I looked at your attached /proc/interrupts file; something is definitely
> off as it looks like the first RX queue for each interface is still
> bound to core-0:
>
> > grep TxRx-1$ Suricata-proc-interrupts.txt
> >  127:,    64,
> > 76049,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0
> >  1674293,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0
> >   PCI-MSI-edge, eth6-TxRx-1
> >  161:,    59
> >  1766722,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0
> >   PCI-MSI-edge, eth4-TxRx-1
> >  178:,    38, 73976,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0
> >  1682548,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0,,0
> >   PCI-MSI-edge, eth5-TxRx-1
>
> Have you tried restarting irqbalance via "/etc/init.d/irqbalance
> restart" after loading the driver?
>
> On 8/21/2013 11:51 AM, Tritium Cat wrote:
> >
> > In theory irqbalance should work fine and set_irq_balance is only needed if
> > one wanted to bind all packet processing of a flow from a queue to a
> > dedicated core, as mentioned somewhere in the available Suricata 10G
> > strategies; that's another area I'm not sure I set up correctly but I do not
> > believe it is the cause of the performance issues.
> >
>
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042
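The check discussed in this thread (which core each NIC queue interrupt lands on, and which IRQs irqbalance would need to leave alone) can be scripted as below. This is an added example, not part of the original messages: the function names are hypothetical, the interrupt table is constructed sample data, and it assumes queue vectors are named `<iface>-TxRx-<n>` as in the grep output quoted above.

```shell
#!/bin/sh
# Added example; the sample table is constructed (4 CPUs), not the poster's data.

# queue_irqs FILE -> "IRQ NAME BUSIEST_CPU COUNT" for each NIC queue vector (*-TxRx-N).
queue_irqs() {
    awk '
        NR == 1 { ncpu = NF; next }              # header row: CPU0 CPU1 ...
        $NF ~ /-TxRx-[0-9]+$/ {
            irq = $1; sub(/:$/, "", irq)
            best = 0; max = -1
            for (i = 2; i <= ncpu + 1; i++)      # per-CPU counters follow the IRQ column
                if ($i + 0 > max) { max = $i + 0; best = i - 2 }
            print irq, $NF, best, $(best + 2)    # print the counter as it appears in the file
        }' "${1:-/proc/interrupts}"
}

# crowded_cpus FILE -> CPUs that are the busiest core for more than one queue vector.
crowded_cpus() {
    queue_irqs "$1" | awk '{ n[$3]++ } END { for (c in n) if (n[c] > 1) print c }' | sort -n
}

# banirq_args FILE -> one --banirq option per queue vector, for the irqbalance command line.
banirq_args() {
    queue_irqs "$1" | awk '{ printf "%s--banirq=%s", (NR > 1 ? " " : ""), $1 } END { print "" }'
}

# write_sample FILE -> constructed excerpt in which queue 1 of both NICs lands on CPU0.
write_sample() {
    cat > "$1" <<'EOF'
            CPU0       CPU1       CPU2       CPU3
  16:        120          0          0          0   IO-APIC-fasteoi   ehci_hcd
 127:      76049         64          0          0   PCI-MSI-edge      eth6-TxRx-1
 128:         12      50211          0          0   PCI-MSI-edge      eth6-TxRx-2
 161:    1766722         59          0          0   PCI-MSI-edge      eth4-TxRx-1
 162:          7          0      48890          0   PCI-MSI-edge      eth4-TxRx-2
EOF
}

sample=$(mktemp)
write_sample "$sample"
queue_irqs "$sample"
echo "CPUs serving more than one queue: $(crowded_cpus "$sample")"
echo "irqbalance options: $(banirq_args "$sample")"
rm -f "$sample"
```

Called without a file argument, `queue_irqs` reads the live `/proc/interrupts`. A core listed by `crowded_cpus` is a prompt to look at the affinity settings, not proof of a fault.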