Snort mailing list archives
IPtables QUEUE performance numbers from Ixia
From: Brad Doctor <brad () stillsecure com>
Date: Thu, 25 Aug 2005 13:38:51 -0600
Will Metcalf asked if anyone had done this sort of testing.

The server is a dual Opteron 875 dual-core (2.2GHz, 1Mb L2), Tyan S2895KWE (2 x16 full-speed PCIE). Two SysKonnect PCI-E NICs, the SK-9E22. One RAID-0 disk subsystem (hdparm -t reports 105MB on average). Memory is crucial, whatever the max speed memory for this thing is. Kernel is 2.6.11.10 and/or 2.6.12.3 -- no differences in performance.

The software is Ixia ixChariot, the endpoints are very fast devices that will sustain 980Mbps bridged through this box all day long with very little variation.

So, some numbers:

IPtables QUEUE, full ruleset of about 2700 or so - no PCRE:
TPUT: Avg: 273.299 Min: 270.270 Max: 275.862

IPtables QUEUE, zero ruleset of 0 rules:
TPUT: Avg: 388.389 Min: 284.698 Max: 400.00

One other thing that is kind of not progressing any more due to the NFQUEUE work being done for future kernels is the divert sockets for Linux (http://sourceforge.net/projects/ipdivert). Some numbers from that:

DIVERT, full ruleset of about 2700 or so - no PCRE (same as above, in fact same binary as above):
TPUT: Avg: 312.940 Min: 162.602 Max: 331.95

DIVERT, no rules:
TPUT: Avg: 414.910 Min: 139.130 Max: 484.849

Hope this helps - let me know if you have any questions or need more information. Happy to provide.

-brad

--
Brad Doctor, CISSP
Director, Security Research
Stillsecure
303-381-3807 Direct
303-381-3881 Fax
www.stillsecure.com <http://www.stillsecure.com>