[Oisf-users] How to configure Suricata to handle 10G traffic per second?

Maxim hittlle at 163.com
Tue Jan 17 09:49:20 UTC 2017


Hi all, 
I got some information from this post: https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/. And I am trying to configure a 10G Suricata in my LAN to identify possible internal bad behaviors. I followed the instructions there, but I can only get less than 2G per second. Could you please give me some guidance on my configuration? The following are my hardware information, Suricata version, Suricata configuration and CPU affinity settings.


Hardware information:
    CPU: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz. 12 physical cores, 24 logical cores
    Memory: 32G
    NIC: Intel 82599ES
    NIC driver: latest
    I configured 16 queues for my NIC.
Suricata: version 3.2
Suricata configuration file: please see attached
I ran Suricata using:
    /opt/suricata/bin/suricata -c /opt/suricata/etc/suricata.yaml --af-packet eth4
eth4 is my Intel NIC name. I only got nearly 3.5G per second. Most of the packets were discarded, and all my CPUs are fully used. Could you please give me some hints on this? Many thanks.


Hittlle

-------------- next part --------------
A non-text attachment was scrubbed...
Name: suricata.yaml
Type: application/octet-stream
Size: 60757 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170117/b33805a0/attachment-0001.obj>

