[Oisf-users] SEPTun & tuned

Peter Manev petermanev at gmail.com
Wed Feb 13 19:28:06 UTC 2019 

On Wed, Feb 6, 2019 at 2:55 PM Cloherty, Sean E <scloherty at mitre.org> wrote:
>
> I’ve been working on improving performance /reducing packet loss on our hosts running 4.1.2.  I’ve experimented with BIOS settings and changes to my current CPU pinning and isolcpu settings.  After reading SEPTun and some external sites about performance tuning, I read about using tuned.  The tuned tool seems to have some overlap with BIOS, cstate and pstate settings, latency, and IRQ polling times.  I have some questions about using tuned:
>
>
>
> Has anyone used these settings with positive results alone or with SEPTun suggested settings?
>
>
>
> Will using tuned hamper, conflict, or overwrite SEPTun settings – i.e. should they be mutual exclusive in your tuning regimen?
>

I have not used the RH tool yet - though it looks nice.
I am sure there could be some sort of overlap. The SEPTuns articles
are specifically written for Suricata -  trying optimize the whole set
up to the extreme on a per case basis . If you can achieve the same
tuning  configuration using a GUI tool or a script - I would say go
for it. However you would need to investigate what the tool can
cover/what it changes and if there is something missing still from the
SEPTun writeup that needs to be further tackled/done after the tool is
done.

>
>
> Has anyone used the SEPTun BIOS tuning parameters on an AMD BIOS on Supermicro servers?  Some settings listed for the example HP server are not exposed in the Supermicro BIOS or use a different nomenclature.
>
>
>
> The BIOS settings seem to make sense for improving IDS performance.  However, does each work improve performance if implemented alone, or does the improvement rely on all of the BIOS settings need to be changed together ?
>

I think it is the bundle of it.

>
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/performance_tuning_guide/sect-red_hat_enterprise_linux-performance_tuning_guide-tool_reference-tuned_adm
>
>

I would definitely give it a try - didnt know about it.
Thanks for sharing!

>
>
>
> Sean Cloherty
>
> Lead InfoSec Engineer/Scientist
>
> MITRE Corporation
>
> office (781) 271-3707
>
> cell      (781) 697-8043
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/



-- 
Regards,
Peter Manev

More information about the Oisf-users mailing list