[Oisf-users] Monitoring 100Gb network

Peter Manev petermanev at gmail.com
Thu Jun 1 14:57:35 UTC 2017


On Tue, May 30, 2017 at 10:11 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> Really depends on the traffic profile.
>
> If you have primarily 'elephant' flows (i.e. 'big and fat' 100-1000+
> mbit flows), then you can probably get away with a fairly modest server
> and leverage suricata's flow pruning feature.
>
> If it's more like typical ISP traffic (lots o' little flows), you will
> need more cores.

Indeed!
The usual performance-affecting suspects - Rules / Type of traffic /
Suri version / HW.
I have no 100Gbps experience with Mellanox - but I would suggest
getting very familiar with the NIC's settings/docs :)

>
> Peter Manev and Michal Purzynski have a performance tuning guide for
> 20gb+ deployments you may find interesting:
>
>> https://github.com/pevma/SEPTun
>
> -Coop
>
> On 5/30/2017 8:27 AM, Charles Devoe wrote:
>> We are currently looking to monitor a 100Gb network.  Does anyone
>> have any recommendations for the server needed to do this?
>>
>> We are looking at a server with
>>
>> Intel Xeon E5-2697v4 2.3Ghz, 18C/36T
>> 128 GB Memory
>> Mellanox 100 Gbe dual port card
>> 2 –ea 300 GB hard configured as RAID 1
>>
>>
>> Has anyone out there monitored a connection of this size?
>>
>> _______________________________________________ Suricata IDS Users
>> mailing list: oisf-users at openinfosecfoundation.org Site:
>> http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List:
>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>
>
> --
> Cooper Nelson
> IT Security - Information Technology Services
> University of California San Diego
> (858) 534-6487 - cnelson at ucsd.edu
> https://cybersecurity.ucsd.edu
>
>



-- 
Regards,
Peter Manev

