[Oisf-users] Suricata 3.0 / 3.0.1 IPS Perfomance Anomaly?
Victor Julien
lists at inliniac.net
Tue Apr 5 13:15:30 UTC 2016
On 05-04-16 11:00, Berk Gulenler wrote:
> I'm having performance problems over HTTP with "-march=native" flag. I'm
> sending you test results that I have made on the same hardware and with
> same configuration.
>
> Suricata 3.0.1:
> * IPS
> * --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var
> * *CFLAGS -g -O2 -march=native*
> * workers mode
> * af_packet: threads: 16, cluster-type: cluster_cpu, use-mmap: yes
> * threading: set-cpu-affinity: yes
> Intel Xeon CPU E5-2690 x 2
> Intel X540-AT2
> Ubuntu 14.04.4 LTS
> gcc version 4.8.4
>
> wget over Suricata: (results are consistent over many tests)
> 1.784.676.352 55,1MB/s (single flow)
>
> Suricata 3.0.1:
> * IPS
> * --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var
> * *CFLAGS -g -O2 -march=core2*
> * workers mode
> * af_packet: threads: 16, cluster-type: cluster_cpu, use-mmap: yes
> * threading: set-cpu-affinity: yes
> Intel Xeon CPU E5-2690 x 2
> Intel X540-AT2
> Ubuntu 14.04.4 LTS
> gcc version 4.8.4
>
> wget over Suricata: (results are consistent over many tests)
> 1.784.676.352 74,8MB/s (single flow)
>
> However there are no performance problems observed over iperf (tcp)
> benchmarks in both tests. (~860 Mbit/s over single flow)
>
Could you add additional information? I'd be interested in learning
where the performance is different in the code.
Use 'perf' to record this info:
perf record <your suricata startup line>
Then when you stopped Suricata, share the output of
perf report
You may have to recompile Suricata with CFLAGS="-g".
Thanks!
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list