[Oisf-users] Traffic limit

Alan Wanderley dos Santos alan.santos at rnp.br
Fri May 15 20:07:01 UTC 2015

Hi all,

My name is Alan Santos. I'm security analyst at RNP (Rede nacional de ensino e pesquisa) - Brazilian National Research and Educational Network. I'm working on project of distributed sensors around out backbone. After a lot of tests, we choose suricata for this job. The project is under development and working fine. The engine with suricata sensor will be distributed by a vm image. A lot of network administrators and security guys can be install the sensor in your own environment. This is a project definition. Because of this, we can not know every specification of the VMs hardware's also. Also, the traffic volume is unknow, but, sure is much bigger than 100Mbps (interface limit).

My question is about traffic limit. There are any way to do a limit rate by software? I mean, as i said, the traffic volume is biggest that vm interface. There are some kind of workaround about it? Some kind of limitation for network traffic. I think on environment on, vm engine's analysis 80% of 100 Mpbs traffic and discard the rest. I have afraid that the traffic kill the engine.

Sorry for the long introduction and for my bad english. I think that is hard explain the question without tell details about the project.


Alan Santos
Analista de Segurança
Centro de Atendimento a Incidentes de Segurança (CAIS)
Rede Nacional de Ensino e Pesquisa (RNP)
(19) 3787-3314 | alan.santos at rnp.br

More information about the Oisf-users mailing list