[Oisf-users] (no subject)
Travel Factory S.r.l.
mc8647 at mclink.it
Mon Mar 24 09:50:53 UTC 2014
After several months I'm back to suricata.
Please help me understand what is going wrong in my setup.
Server with 16 real cores, 32 gb ram.
10 gbit lan card: Intel Corporation 82599EB 10-Gigabit SFI/SFP+
Network Connection (rev 01)
O.S. is ubuntu 12.04. Suricata is the last 1.4. ixgbe driver updated
to 3.18.7. ethtool to 3.13. Every "offloading" stuff set to off
except:
highdma: on [fixed]
rx-vlan-filter: on [fixed]
tx-fcoe-segmentation: on [fixed]
tx-nocache-copy: on
Interrupts are split among cores; irqbalance stopped.
ifconfig reports:
RX packets:89109893 errors:0 dropped:13188 overruns:0 frame:0
with the dropped value constant for a few seconds then raising always
by a multiple of 4 each second.
When tcpstat reports a load of 120mbit/s (or less) I can succesfully
capture all the traffic, above that level I start to have incomplete
files.
I'm currectly using AF_PACKET, workers runmode, cluster_cpu, with 8 or
16 thread (with no visible difference).
I'm trying to check if I'm receiving all the packets from the lan
side, but the lan people tell me it's everything ok on their side...
Where can I look for problems ? I spent several days trying to
optimize everything I could but with no success so far...
Thanks
More information about the Oisf-users
mailing list