[Oisf-users] Out of band 10Gb Suricata

Brian Hennigar bhennigar at gmail.com
Wed Oct 14 23:23:05 UTC 2015


I've looked into pf_ring.  vmxnet3 isn't supported by pf_ring and the E1000
interface choice by ESXi is only 1gb which wouldn't work for 10Gb. vmxnet3
supports 10gb.   Passing the interface directly through to the VM might be
an option but not ideal.

I'm just starting on configuring it to use workers and af-packet.

Thanks,
Brian

On Wed, Oct 14, 2015 at 8:19 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I didn't notice that either.  All my deployments are bare metal, so I
> don't know well that will work.  If the NICs support recieve-side
> scaling everything should work well.
>
> - -Coop
>
> On 10/14/2015 2:38 PM, Chris Wakelin wrote:
> > Also it seems you're using virtual NICs ("vmxnet3")?
> >
> > Depending on which interface type you use and whether it supports
> > AFPacket, you might need something like PF_RING ZC
> > (
> http://www.ntop.org/products/packet-capture/pf_ring/pf_ring-zc-zero-copy/
> ).
> >
> > Best Wishes,
> > Chris
>
>
> - --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
>
> iQEcBAEBAgAGBQJWHuLnAAoJEKIFRYQsa8FWrvsH+wRBuQfoKKRFamD2qLXzuVUX
> JR9IeY22XRfoCrMGjD0h7Yic0fkt6DPLng/z4rmn0brgCjkSxYukdnhvHUyZzPTi
> lkDdkEevXGcA1CDqw2+ZyQsqRao2GO6EfOJ7pvH1QIL4rG7Aa2Nl+PVL1La2hq8k
> 8OEiTZr4/nGs7cUOGyFLooKgPh5lOeEjhRdkO0QueYK46IgWClRg/haIQEBT/YUK
> QbedoaAViBbQti2sWYbNi0MIZtWoELNuJxG+79aKEQkWWUbztbej29guX+mafojA
> el9JK1BuEnHz/VdIp+e1XCc39mur5qJMS47vwlVDD9IMFFfi2o69+ZdD5SiiiuQ=
> =2PmI
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20151014/79afe570/attachment-0002.html>


More information about the Oisf-users mailing list