[Oisf-users] Hardware specs for monitoring 100GB

Peter Manev petermanev at gmail.com
Thu Aug 1 21:28:21 UTC 2019

What type of traffic is that and what rules are you planing on using?


> On 1 Aug 2019, at 22:19, Nelson, Cooper <cnelson at ucsd.edu> wrote:
> Should be fine for ISP traffic.
> We are doing 20Gbit with 48 worker threads on an older AMD Piledriver box and it’s around 10-15% loaded with the ‘ondemand’ CPU governor.
> Suricata is primarily I/O bound if you are using the Hyperscan matcher and given you have a more modern bus and caching sub-system than us you should be under 50% CPU @peak.  This is my personal sizing recommendation to keep packet drops under 1%.
> If you are having performance issues or packet loss; make sure you have flow bypass for tcp and tls. 
> -Coop
> From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of Daniel Wallmeyer
> Sent: Thursday, August 1, 2019 1:14 PM
> To: 'oisf-users at lists.openinfosecfoundation.org' <oisf-users at lists.openinfosecfoundation.org>
> Subject: [Oisf-users] Hardware specs for monitoring 100GB
> Hey fellow mobsters,
> Looking to verify that we have spec’d our hardware correctly for monitoring 100GB:
> 2 x Intel(R) Xeon(R) Gold 6136 CPU
> 256GB of RAM
> Napatech NT100E3-1-PTP
> The traffic will be fed via a single network tap.
> Will this be enough hardware to deal with 100Gb/s of traffic?
> At the very least it would be great to know if the CPU and RAM is enough, we can work with Napatech to get the right card.
> Thanks,
> Dan
> This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments. 
> . . . . .
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190801/8136d7a9/attachment-0001.html>

More information about the Oisf-users mailing list