[Oisf-users] packet loss troubleshooting
Cooper F. Nelson
cnelson at ucsd.edu
Wed Dec 9 19:51:39 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Let it run for a bit. There is race condition somewhere that causes
suricata to drop packets when its starting up and large buffers are
enabled. Or, at least there is on my config.
Aside from that, try running a "top-talkers" report to see if is any
traffic you can filter out. Just dropping our local Netflix/Youtube
caches doubled our capacity.
- -Coop
On 12/9/2015 11:32 AM, Yasha Zislin wrote:
> I use PF_RING.
>
> Changing these net.core buffers actually made it worse. Packet loss is
> instant with 30%.
> These are what my defaults are:
> net.core.wmem_default = 124928
> net.core.rmem_default = 124928
> net.core.netdev_max_backlog = 1000
>
> I have 10 gig NIC as well. Not that busy pipe. About 1 million packets a
> minute.
- --
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJWaIZLAAoJEKIFRYQsa8FWnhMH/Ag8+EPGSdtigG7eXED0K2hG
h8ZyMn5GTWgz6cAS62EED8RS8ot6Q8FRBNrOf7Yd87jytdSMUN+FuzWRLheGP615
944UuMm66oJgtMfINRTZTsEubnnS7NYVMexTBMzhU+Y7qbZo6qTupx1S7ULtidHC
mvdBmWyf7IJex9ccGyBhwjDYJqMLkK0ThDkfJlMUN3fm5MhYyri94y9y2XI+aYtL
CrteDmXDvOZ63mWGQdS+WDNv/0UNpkTSlGBV0mZs4KWRa3bSiAY2aheoMAnMjgyW
RopmFif6dzHN8eAjfce+70R0KZFgtBMCKL/9VOIGFmCpv5JHe+zvY3ainZ3ePgk=
=7DOe
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list