[Oisf-users] [EXT] Re: Packet loss and increased resource consumption after upgrade to 4.1.2 with Rust support
Nelson, Cooper
cnelson at ucsd.edu
Thu May 30 15:33:56 UTC 2019
Yes indeed I am pretty sure that is the fix. In fact, I originally heard about this while reading the whitepaper for the i40e NICs, they allow much finer controls of the RSS implementation and described in detail the issues with properly load-balancing fragmented IP traffic.
Unfortunately, I don’t have one of these NICs and my current system can only support 10Gb per NIC.
Would it be possible to add a new ‘trivial’ load balancer (e.g. cluster_peer) that ignores the hash from the kernel and just load balances on the IP header src->dst? There is still the issue that the fragments may be delivered out-of-order to the worker threads, but I think Suricata can handle that?
-Coop
From: Michał Purzyński <michalpurzynski1 at gmail.com>
Sent: Wednesday, May 29, 2019 12:52 PM
To: Nelson, Cooper <cnelson at ucsd.edu>
Cc: Cloherty, Sean E <scloherty at mitre.org>; Peter Manev <petermanev at gmail.com>; Eric Urban <eurban at umn.edu>; Open Information Security Foundation <oisf-users at lists.openinfosecfoundation.org>
Subject: Re: [Oisf-users] [EXT] Re: Packet loss and increased resource consumption after upgrade to 4.1.2 with Rust support
How about ignoring layers above 3 and just going with ip src + ip dst? I'm pretty sure I can do that on i40e.
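Added example, not part of either message and not Suricata or NIC driver code: a toy model of why a hash that includes layer-4 ports sends later IP fragments to a different worker than the first fragment, while the src/dst-only hash discussed in this thread keeps them together. The mixing function, struct fields and packet values are constructed for illustration; real RSS uses a Toeplitz hash.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed packet summary; field names are hypothetical. */
struct pkt {
    uint32_t src, dst;      /* IPv4 addresses, host byte order */
    uint8_t  proto;
    uint16_t sport, dport;  /* only present in the first fragment */
    uint16_t frag_off;      /* fragment offset in 8-byte units */
};

/* Toy bijective 32-bit mixing step (stand-in for the real hash). */
static uint32_t mix(uint32_t h, uint32_t w) {
    h ^= w;
    h *= 0x9E3779B1u;
    return h ^ (h >> 15);
}

/* Models a 5-tuple hash: later fragments carry no L4 header,
 * so the ports contribute nothing for them. */
uint32_t hash_5tuple(const struct pkt *p) {
    uint32_t ports = p->frag_off ? 0 : (((uint32_t)p->sport << 16) | p->dport);
    return mix(mix(mix(mix(0, p->src), p->dst), p->proto), ports);
}

/* Layer-3-only hash. Ordering the two addresses makes it symmetric,
 * so both directions of a conversation reach the same worker. */
uint32_t hash_ip_pair(const struct pkt *p) {
    uint32_t lo = p->src < p->dst ? p->src : p->dst;
    uint32_t hi = p->src < p->dst ? p->dst : p->src;
    return mix(mix(0, lo), hi);
}

unsigned worker_for(uint32_t hash, unsigned n_workers) { return hash % n_workers; }

/* Constructed sample: fragmented UDP 192.0.2.1 -> 198.51.100.7, plus a reply. */
static const struct pkt FIRST = {0xC0000201u, 0xC6336407u, 17, 40000, 53, 0};
static const struct pkt LATER = {0xC0000201u, 0xC6336407u, 17, 0, 0, 185};
static const struct pkt REPLY = {0xC6336407u, 0xC0000201u, 17, 53, 40000, 0};

int main(void) {
    printf("5-tuple hash: first=%08x later=%08x\n",
           (unsigned)hash_5tuple(&FIRST), (unsigned)hash_5tuple(&LATER));
    printf("ip-pair workers (of 8): first=%u later=%u reply=%u\n",
           worker_for(hash_ip_pair(&FIRST), 8), worker_for(hash_ip_pair(&LATER), 8),
           worker_for(hash_ip_pair(&REPLY), 8));
    return 0;
}
```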