Re: Hardware required for monitoring a DS3

[Erek Adams <erek () theadamsfamily net>]

On Tue, 2 Oct 2001 brandon () roguetrader com wrote:

> We have a few DS3's and are averaging an aggregate of about 40MBit of them.

Ok, realize that you're pushing a helluva lot of traffic.  The T1's aren't
your best choice.  They run out of gas on that traffic rather quickly.

> I have recently been evaluating upgrading.  We tried a Sun Netra T1/500MHz
> and it was slower than our existing P3/850Mhz.  I also had some problems
> because it appeared to actually process less packets but did not record ANY
> lost packets, compared to our FreeBSD box on intel.  With a few minute
> span each on the same hub recording the same data the Intel/BSD box
> recorded about 2.3mil packets with less than 1 % loss and the SUn
> recorded about 1.5 mil packets with zero loss.  We have since
> disregarded the sun as a viable option.  What we did end up deciding
> on was a Dual Athalon MP core at 1.2GHz.  We are buying the eracks
> version (http://www.eracks.com).

What I would be interested in seeing is a comparison of (Solaris Sparc vs.
Solaris Intel) vs (OpenBSD/Sparc vs. OpenBSD/Intel) on the same sets of
hardware.  I'm wondering if it's the OS that made the difference or the
platform.  I'm running on Solaris 7 and not seeing any packets lost.  Granted,
the sensors are spread out all over, and traffic is fairly segregated...  I've
seen nothing like that.  Was your ether interface taking a lot of errors?  Or
was this just 'silent drops'?

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users