[Oisf-users] How to configure Suricata to handle 10G traffic per second?

Peter Manev petermanev at gmail.com
Tue Jan 17 15:12:45 UTC 2017



> On 17 Jan 2017, at 01:49, Maxim <hittlle at 163.com> wrote:
> 
> Hi all, 
> I got some information from this post: https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/. And I am trying to configure a 10G Suricata in my LAN to identify possible internal bad behaviors. I followed the instructions there, but I can only get less than 2G per second. Could you please give me some guidance on my configuration? The following are my hardware information, Suricata version, Suricata configuration and CPU affinity settings.
> 
> Hardware information:
>     CPU: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz. 12 physical cores, 24 logical cores
>     Memory: 32G
>     NIC: Intel 82599ES
>     NIC driver: latest
>     I configured 16 queues for my NIC.
> Suricata: version 3.2
> Suricata configuration file: please see attached
> I ran suricata using: 
>                   /opt/suricata/bin/suricata -c /opt/suricata/etc/suricata.yaml --af-packet eth4
> eth4 is my Intel NIC name. I only got nearly 3.5G per second. Most of the packets were discarded, and all my CPUs are fully used. Could you please give me some hints on this? Many thanks.
> 

A detailed guideline you can try -

https://github.com/pevma/SEPTun

Thanks 

> Hittlle
> <suricata.yaml>