[Oisf-users] hardware consideration for suricata deployment

Michał Purzyński michalpurzynski1 at gmail.com
Fri Apr 27 15:40:05 UTC 2018


540 might have two problems here

- some of them support symmetric hashing, some do not. Not a big problem, you verified it plus you could ask afpacket to do the hashing like we did with SEPTun Mark I

- They are PCIe v2 AFAIR. 540 might be better for 520 could do 10 per card with large packets but not if you have tons of small packets. If you have a general traffic mix, you should be good to go.

> On Apr 27, 2018, at 5:56 AM, erik clark <philosnef at gmail.com> wrote:
> 
> I am looking at dell M830 blades for ids gear deployment. For a 15 gig link, per septun, looks like we would only need maybe 192 gigs of ram to support inspection. However, these blades only support Intel x540s, and not 740s. Is the performance consideration between a 540 and a 740 such that it is better to get stand alone gear to do inspection, rather than in a blade form factor? Both nics support symmetric hashing at the hardware level last I checked, in the CentOS el repo ml kernel line. Thanks!
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> 
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/


More information about the Oisf-users mailing list