[Oisf-users] 20Gbps - is it possible?!
Matthew George
mattg210778 at gmail.com
Tue Mar 15 12:11:33 UTC 2016
Dear Suricata users - please help,
I am interested in getting Suricata running to rates up to and over 20Gbps.
We are using a fairly impressive server spec i.e. 20 cores and 128GB ram
etc.
I also have a signature offload card spliced into the bottom of our
modified Suricata (based on 2.0.9) giving about a 20-30% reduction in CPU
per worker thread without any negative impacts on alerts. The card also
does 0 copy DMA and load sharing to 16 worker cores via a proprietary
implementation not that dissimilar from PF_RING.
The throughput on the system however when running the full ET Pro ruleset
is no where near what we'd like or it appears what you guys are getting so
my questions is what are we doing wrong?
Should we use a different code base, a bigger server or tune the rules?
Any help would be greatly appreciated,
Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160315/c1506dc4/attachment.html>
More information about the Oisf-users
mailing list