Snort mailing list archives

Re: Handling of a 1 or 2 GB pipe?

From: Bennett Todd <bet () rahul net>
Date: Sat, 1 Feb 2003 11:52:55 -0500

2003-01-30T19:27:43 Travis S.:

The average load is 1 Gbps (combined) and it wouldn't be
surprising to see constant levels of above 1.5 Gbps.


An ordinary PC can't haul bits off the wire faster than c. 300Mbps.
Boxes with PCIx bus can hit up around 550-600Mbps.

If you want to deal with 1.5Gbps of real traffic, you're going to
need something special to help you.

As far as I know, the only way to do the job with snort today is to
use a Toplayer switch to dispatch the traffic over a snort farm.

There are some vendors doing custom hardware to assist their
networking kit to go faster. I can't think of any who have publicly
announced support for snort.

And, if you wait another year or two, generic PCs will get fast
enough to handle this.

NB that this problem isn't specific to snort; no app today can
exceed c. 300Mbps of real traffic handling on a normal PC.

-Bennett

Attachment: _bin
Description:

Current thread:

Handling of a 1 or 2 GB pipe? Travis S. (Jan 30)
- Re: Handling of a 1 or 2 GB pipe? twig les (Jan 30)
- Re: Handling of a 1 or 2 GB pipe? Edin Dizdarevic (Jan 31)
  - Re: Handling of a 1 or 2 GB pipe? Yaakov Yehudi (Feb 04)
- Re: Handling of a 1 or 2 GB pipe? Erek Adams (Jan 31)
- Re: Handling of a 1 or 2 GB pipe? Bennett Todd (Feb 01)
- <Possible follow-ups>
- RE: Handling of a 1 or 2 GB pipe? Scott, Joshua (Jan 30)
- RE: Handling of a 1 or 2 GB pipe? Morgan R. Elmore (Jan 31)
- RE: Handling of a 1 or 2 GB pipe? Ricardo, Gerson (Jan 31)