[Oisf-users] Suricata load/latency spikes

Oliver Humpage oliver at watershed.co.uk
Wed Jul 1 13:12:41 UTC 2015

Well, researching further leads me to suppose this is likely a FreeBSD/ipfw/divert issue.

Not only is there nothing in the stats.log (the increase in DNS mem wasn't replicated when I looked at more results), but I now see large file downloads randomly stalling in the middle, with nothing at all logged in suricata. I see packets coming through the neighbouring routers, and then never making it through the suricata interface.

I've even tried only diverting my own laptop traffic through suricata, and still file downloads stall (I'm testing by downloading FreeBSD ISO images; they normally stall at <100MB of the way through, but never stall if I switch off the suricata divert). My connection speed is currently around 50Mb.

Does anyone have any experience with suricata and ipfw, and how to tune it for reliable throughput? Or equally, has anyone had success using OpenBSD's pf divert-to rules instead of ipfw divert?
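One way to tell whether a stall like the one described above happens before packets reach suricata (the divert path delivers nothing) or inside suricata (packets arrive but are dropped) is to compare successive dumps in stats.log. The script below is an added example for this thread, not code from the poster or from the Suricata project; it assumes the column layout of a Suricata 2.x-style stats.log (a "Date:" header per dump, then "counter | TM name | value" rows), uses the real counter names capture.kernel_packets and capture.kernel_drops, and embeds a constructed three-interval sample in which the last interval shows no packet growth at all.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of a stats.log with three dump intervals. The layout is
# assumed from Suricata 2.x; the counter names are ones Suricata emits, the
# thread names and numbers are made up for this example.
SAMPLE_STATS_LOG = """\
-------------------------------------------------------------------
Date: 7/1/2015 -- 13:00:00 (uptime: 0d, 00h 08m 00s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | RxIPFW                    | 10000
capture.kernel_drops      | RxIPFW                    | 0
decoder.pkts              | Decode1                   | 10000
-------------------------------------------------------------------
Date: 7/1/2015 -- 13:00:08 (uptime: 0d, 00h 08m 08s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | RxIPFW                    | 14000
capture.kernel_drops      | RxIPFW                    | 0
decoder.pkts              | Decode1                   | 14000
-------------------------------------------------------------------
Date: 7/1/2015 -- 13:00:16 (uptime: 0d, 00h 08m 16s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | RxIPFW                    | 14000
capture.kernel_drops      | RxIPFW                    | 0
decoder.pkts              | Decode1                   | 14000
"""

DATE_RE = re.compile(r"^Date:\s+(\S+ -- \S+)")
# counter name | TM name | integer value; the "Counter | TM Name | Value"
# header row does not match because its last column is not numeric.
COUNTER_RE = re.compile(r"^([\w.]+)\s*\|\s*([^|]+?)\s*\|\s*(\d+)\s*$")


def parse_intervals(text: str) -> List[Dict]:
    """Split a stats.log into dump intervals: [{'date': str, 'counters': {name: value}}]."""
    intervals: List[Dict] = []
    current = None
    for line in text.splitlines():
        m = DATE_RE.match(line)
        if m:
            current = {"date": m.group(1), "counters": {}}
            intervals.append(current)
            continue
        m = COUNTER_RE.match(line)
        if m and current is not None:
            name, _tm_name, value = m.groups()
            # Sum a counter across threads when it appears under several TM names.
            current["counters"][name] = current["counters"].get(name, 0) + int(value)
    return intervals


def find_anomalies(
    intervals: List[Dict],
    pkt_counter: str = "capture.kernel_packets",
    drop_counter: str = "capture.kernel_drops",
) -> List[Tuple[str, str]]:
    """Return (date, reason) for each interval with no packet growth or with new drops.

    No growth in the packet counter means nothing reached suricata from the divert
    socket during that interval; growing drops mean packets arrived but were lost.
    """
    findings = []
    for prev, cur in zip(intervals, intervals[1:]):
        pkts = cur["counters"].get(pkt_counter, 0) - prev["counters"].get(pkt_counter, 0)
        drops = cur["counters"].get(drop_counter, 0) - prev["counters"].get(drop_counter, 0)
        if pkts == 0:
            findings.append((cur["date"], "no packets received since previous dump"))
        if drops > 0:
            findings.append((cur["date"], f"{drops} new kernel drops"))
    return findings


if __name__ == "__main__":
    for date, reason in find_anomalies(parse_intervals(SAMPLE_STATS_LOG)):
        print(f"{date}: {reason}")
```

Run it against a real stats.log by replacing SAMPLE_STATS_LOG with the file contents; an interval that reports "no packets received" while the neighbouring routers still show traffic points at the ipfw/divert side rather than at suricata's own processing.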
