[Oisf-users] EXTERNAL: Fwd: Installing / Running Suricata with Myricom NICs

Chris Herdt cherdt at umn.edu
Fri Mar 30 16:15:43 UTC 2018 

We have started seeing the same behavior periodically on several interfaces
after applying the most recent kernel update (3.10.0-693.21.1.el7.x86_64)
on our sensors (running CentOS 7).

Prior to this update, we did not observe this behavior in Suricata (we've
been running this configuration since July 2017).

We're running Suricata 3.2.5 with the v3.0.13 of the Myricom SNF drivers.

We have a redundant set processing the same traffic and we do not see the
same behavior on both sides at the same time, suggesting it is not related
to a single flow.

We have 10 cores pinned to each Suricata instance (1 management, 9
workers), and when this behavior occurs one of the worker cores pegs at
100% utilization while the other cores on the same instance drop down to
<1%.



On Mon, Feb 26, 2018 at 3:18 PM, Erich Lerch <erich.lerch at gmail.com> wrote:

> No... I mean, I didn't try.
> But given the very low overall packet loss we experience (< 0.2%), it's
> not one of my top priorities :-)
>
> Erich
>
> On 26.02.2018 22:12, Peter Manev wrote:
> > On Mon, Feb 26, 2018 at 10:10 PM, Erich Lerch <erich.lerch at gmail.com>
> wrote:
> >> Hi Zach
> >>
> >> Yes, happens here, too! Fortunately not too often, and only for a short
> >> period of time, before it normalizes again.
> >>
> >> Never found out why exactly this happens, though.
> >
> >
> > Is it possible to narrow it down by some flowinfo that is observed
> > during the same period that it happens?
> >
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
>



-- 
Chris Herdt
Systems Administrator
cherdt at umn.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180330/b0062c96/attachment-0001.html>

More information about the Oisf-users mailing list