[Oisf-users] IPS/IDS latency Issues maybe

Leonard Jacobs ljacobs at netsecuris.com
Tue Nov 24 09:09:25 UTC 2015


We discovered that in AF-Packet mode, if Defrag is set to yes then the IPSec VPN handshake will not pass through WAN interfaces.  Does it make sense that the Defrag setting can cause this issue?
 
There also appear to be some latency issues for traffic on the LAN side, so we set Defrag to no, but it did not help.  Wondering if the subinterface on the real firewall interface is confusing Suricata and causing latency issues.
 
Our threads are set to 6 on all AF-Packet interfaces.  Could that not be enough? What fine tuning could I do?  What troubleshooting could I do to solve this issue?
 
Thanks.
 
Leonard