[Oisf-users] more tuning....
Cooper F. Nelson
cnelson at ucsd.edu
Thu Aug 21 04:52:18 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As a sanity check, try restarting irqbalance.
If that doesn't work, the problem is that the nic driver sends "crap"
packets to the first core by default.
Did you set the UDP hashing as described in that article?
> regit at suricata:~$ sudo ethtool -N eth3 rx-flow-hash udp4 sdfn
> regit at suricata:~$ sudo ethtool -n eth3 rx-flow-hash udp4
> UDP over IPV4 flows use these fields for computing Hash flow key:
> IP SA
> IP DA
> L4 bytes 0 & 1 [TCP/UDP src port]
> L4 bytes 2 & 3 [TCP/UDP dst port]
If you are doing ipv6 try disabling that as well via a bpf filter.
On 8/20/2014 9:45 PM, Russell Fulton wrote:
>
> On 21/08/2014, at 4:40 pm, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
>
>> Signed PGP part
>> What runmode are you using?
>>
>
> runmode: workers
>
> BTW I installed the latest ixgbe drivers as suggested by https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/ and that lead to a substantial drop in the proportion of packets being dropped.
>
> Russell
>
- --
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJT9XsCAAoJEKIFRYQsa8FWVAIIAM5rJsVm1eh03r9da48+qQRv
badZ23nEReDplFrM6Z9jcAUiWDi2ywN1syGkcVBn5GqfV+8N/k7KQuw58KHuUpUG
X0lcpumC6EyZmYVUgPLzHEf43CLJUJsYgeNlE4HEZ/IlTOZ5Xw9HCrvleG0NvalR
n0c4SGgCcl3qNikmyJRJeKRQIcoPncUASe7KFxQTizbQcMkoaSgohoy+xwU7z72v
7toc+12qrJFfRPyMZ4hT8Iw/2qnHEA5VaqbmKG2ifJ8AsjbxoWQvq42nVeSqxhj8
SnYUxI5gU/NwObDjE/q+QiuybTUE6hO8bcSBam4p4TbPwbyJRaD7BQQ5ksI4GqI=
=sHJ5
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list