[Oisf-users] Occasional burst of packet loss
Cooper F. Nelson
cnelson at ucsd.edu
Mon Nov 3 17:48:30 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
If you are monitoring a big DMZ network (like an ISP), then you will
almost certainly see sporadic packet drops due to DOS events. Suricata
seems to have a hard limit of packets-per-second-per-core and will drop
packets if there is flood to/from a specific host.
- -Coop
On 11/3/2014 8:02 AM, Yasha Zislin wrote:
> I have a pretty beefy server monitoring two SPAN ports. A lot of packets
> are flowing in there, mostly HTTP stuff.
> I have 40 logical CPUs (20 per SPAN Port). I am using PF_RING.
>
> I've noticed that I get an occasional packet loss and it's a burst of
> packets. After that it is fine for days.
> So couple of PF Ring instances report packet loss (ie cat
- --
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJUV7/uAAoJEKIFRYQsa8FWA7EIAJCLWbp0kYfMsJyERim/AKnw
c15Csb/lkWqaO4PepibTCegnbYva+lrSf3MGuGGFrfWNZUe8e3fXJOWqicxMrcvV
wdiMOIMFAMU8YPTqCZqJ7lGrY0TP5R0gn+Q5CTIhgdDg1raWDz/SUCZlh9kg3GHN
miWLLaIkWkhgcTznE86XRnz2Omq2IREwFwaQe8/kjC6QW42LqDMXncxw6pSAJ2bJ
yIw3lIadw37FpVtfG0FGi3jv/KzbCLjFIUJyFVwI8KilLSG+/eAfH949yLjEMyvY
2FwQxLrMJqxaF1S/rHTjAfVt2GRbeAj5BmN990xfX0fOUYZCN6cj10VdHi3YTfM=
=Ty7D
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list