[Oisf-users] Question about cpu-affinity

Cooper F. Nelson cnelson at ucsd.edu
Tue Mar 6 23:01:03 UTC 2018

"All programming is an exercise in caching."
    -Terje Mathisen

Regarding this deployment, since I was on old Intel hardware that is not
very IO-friendly either, I just copied that build to the new Piledriver
system and switched from cluster_cpu to cluster_flow.  And separated the
detect threads from the RSS queues.  No need for the offloading features
this time (which TBH do impact detection for some sigs) with HyperScan,
AVX and 56 detect threads!  The system is at around 12% load @peak, even
with the on-demand CPU frequency governor. 

I agree that the new Intel FSB innovations like DDIO are at this point
pretty much mandatory for 10 Gb HPC IDS deployments.  I'm already
looking at doing a 40Gb build using a modern Intel system and the new
40G NICs, which officially support symmetric hashing.  


On 3/4/2018 11:31 PM, Michał Purzyński wrote:
> The SepTun Mark II we're about to publish should actually behave better on
> non-IO friendly architectures, like AMD.
> Speaking personally, this is my private opinion:
> I don't see any deeper thought process about IO optimization on the AMD
> side, other than increasing the throughput of every interconnect. That's
> nice, but those aren't even close to being saturated, as we're wasting
> cycles waiting for cache misses :/
> Intel approached this problem in a much more systematic way.

Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180306/10a0274e/attachment-0002.sig>

More information about the Oisf-users mailing list