[Oisf-users] Low End Hardware

Peter Manev petermanev at gmail.com
Tue Apr 21 19:09:48 UTC 2015


On Tue, Apr 21, 2015 at 7:16 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> A good rule of thumb is that if you want to run the full ET feed you
> need 1 core per 50 mbit of traffic.

I think it really depends on the traffic type and the particular set up.

I have run full ET feed on 1Gbps pipes with much less HW than 1 core
per 50mbit (aka 20 cores on 1 Gbps)
(plus a core can be for example anything form 1.8 to 3.8GHz and more -
and that really  makes a difference as well )

>
> On 4/21/2015 4:27 AM, Peter Fyon wrote:
>> Hey everyone,
>>
>> I'm looking to upgrade my snort setup at home to suricata. At the same
>> time, I'm planning on upgrading hardware.
>>
>> Unfortunately, the only benchmarks I can find are from back in 2011 or
>> for setups handling substantially more traffic than I need (10gbit).
>>
>> I was hoping some of you could give me examples of the hardware you're
>> using, number of signatures, and the throughput you see.
>>
>> My current box is an old netbook with a first gen atom cpu. With snort +
>> nfqueue and 20000 signatures, it starts dropping packets around 25 mbit
>> and multiple sessions. My ideal box would be able to handle
>> ~700-1000mbit, with fewer signatures.
>>
>> On the note of hardware, is it better to focus on more cores or higher
>> cpu speed?
>>
>> Thanks,
>> Peter
>>
>>
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
>>
>
>
> - --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
>
> iQEcBAEBAgAGBQJVNoX/AAoJEKIFRYQsa8FWp/gH/3LH1iJTYR1qDXXKV3niXX5x
> 3OLN5dPOZoFHqALur2SuyYrL2BwpfR+wahIiaT8mem8rvw5g1wt/36clDi+nvZ8R
> 5yFcs2tpFj0xhFrt08Vucn+Mx+M22d8+Q8F4sHJEx7hYtr4/c4/K88rXUHjwprBH
> 0jRYdrYYcizBamIbj3bx6eth7Mhj/xifeiJXB2ONtrMDZgs6Iy1zD8qxhc1OTwuM
> 4sao0dfdCQvoWQj9XgAbwR8lPz3Xhl0oyCM8xg9ndfwbNa6F2pyF2sgFwkXgOU/m
> Wa2LHdwq6g1IzB5wYc7blFeFov1Pqwyz/rBf8qknJCrUCBZ/fsIsdaZ0bJ50kwo=
> =72Ks
> -----END PGP SIGNATURE-----
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net



-- 
Regards,
Peter Manev



More information about the Oisf-users mailing list