[Oisf-users] Suricata config for max udp-throughput

oleg gv oagvozd at gmail.com
Thu Jun 23 09:35:30 UTC 2016

Hello, I'm testing Suricata on a machine with 32 CPUs and 32Gb RAM.

I need to maximize Suricata performance on IXIA for UDP-traffic of
fixed-length packets.

I need to test 2 modes: PF_RING and AF_PACKET.

What configs do you suggest for both of them?

My setup for PF_RING (almost identical for AF_PACKET):

1) using 2 eth-interfaces (eth0-eth1) with copy-mode IPS
2) threads 32
3) different cluster-id for each of 2 ifaces
4) runmode auto or workers
5) ring_slots 100k
6) max pending packets - 512
7) detect-thread-ratio - 1.0
8) cluster_type : flow
8) all 17k rules are turned on
9) Increased memcaps and other memory-related options for
detect, fragmentation and stream subsystems of Suricata.
10) As a result, Suricata consumes about 15Gb RAM when run

PROBLEM: IXIA Tx Tput is MORE than Rx TPut: for example -

IXIA transmits (TX) to Suricata eth0 at a speed of 10Gbps (from total
theoretical 20Gbps) and
IXIA receives (RX) from Suricata eth1 at a speed of 15Gbps (from total theoretical
Without Suricata: RX=TX=~19Gbps.

I've tried to increase ip wmem/ip rmem values in proc to (4Mb 16Mb 64Mb)
but the problem still remains.

I think this is because of drops. What do I need to do to decrease drops
and make RX~=TX?