[Oisf-users] running Suricata on cisco ucs

Cooper F. Nelson cnelson at ucsd.edu
Wed Oct 21 16:05:03 UTC 2015


It really depends on what you want to do.

For example, if you want a 10+ gig sensor using the AF_PACKET + 'worker'
runmode, you really need a bare-metal deployment and a NIC that supports
receive-side scaling.  This is because the CPU, NIC, kernel and Suricata
are all tightly integrated in order to deliver optimum performance.  You
also need to be able to disable all the offloading features of the NIC,
which isn't possible with some of the virtualized environments.

However, if you are able to use one of the libpcap modes, that should work.

On 10/21/2015 6:35 AM, Risto Vaarandi wrote:
> ...additional question -- if one runs VMware on top of UCS as people
> normally do, can Suricata deliver adequate performance if running as
> a virtual machine? How efficiently is packet capture implemented
> through virtual network cards and what is the max rate of traffic I
> could reliably capture? Any experience and results from the field are
> appreciated :) Kind regards, risto

-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
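
Added example, not part of the original message: a check for the offloading point made above, which reads `ethtool -k` output and reports which offloads are still on and which of those are marked [fixed], meaning they cannot be turned off on that (often virtual) NIC. The feature list, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Offloads to check (assumed list; adjust to what your NIC driver reports).
WANTED="rx-checksumming tx-checksumming scatter-gather \
tcp-segmentation-offload udp-fragmentation-offload \
generic-segmentation-offload generic-receive-offload \
large-receive-offload rx-vlan-offload tx-vlan-offload"

# Constructed sample of `ethtool -k <iface>` output (not from a real host).
sample_ethtool_k() {
cat <<'EOF'
Features for eth0:
rx-checksumming: on [fixed]
tx-checksumming: on
	tx-checksum-ipv4: off [fixed]
scatter-gather: on
tcp-segmentation-offload: on
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: off
tx-vlan-offload: on [fixed]
EOF
}

# Reads `ethtool -k` text on stdin and prints one line per offload still on:
#   "<feature> changeable"  can be turned off with `ethtool -K`
#   "<feature> fixed"       the driver/hypervisor does not allow changing it
check_offloads() {
  awk -F': *' -v list="$WANTED" '
    BEGIN { n = split(list, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    ($1 in want) {
      split($2, v, " ")                      # v[1] = on/off, v[2] = [fixed] or empty
      if (v[1] == "on") print $1, (v[2] == "[fixed]" ? "fixed" : "changeable")
    }'
}

# Exit status 0 if every enabled offload can still be disabled, 1 otherwise.
offloads_can_be_disabled() {
  ! check_offloads | grep -q ' fixed$'
}

# Demo on the constructed sample; on a sensor use: ethtool -k eth0 | check_offloads
sample_ethtool_k | check_offloads
```
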
