Intel X520 and Multi-Queue Snort

[Mike Lococo <mike.lococo () nyu edu>]

Hi Folks,

I'm just getting started testing an Intel X520 capture card, with the
goal of using it to perform multi-queue snorting.  I'd like to have 8-12
snort processes each receiving a fraction of the traffic coming in off
of the 10G physical interface on the card, with traffic distributed in
some flow-aware manner like hashing the IP/proto/port values for each
packet.

I understand that linux has some kind of built-in multi-queue
technology, but I'm not finding any user-space tools to manipulate or
configure it.  I'm also finding very little high-level documentation or
discussion of folks that use the feature for network-monitoring
applications.  Are the built-in linux features useful for scaling snort
across multiple-cpu's, or is the feature aimed at a fundamentally
different use-case?

I also understand that pfring can be used with this card, and that there
is some reasonable documentation around doing so.  Before I got too far
into that framework, I wanted to see what (if anything) is possible with
native-linux features.  Is the general consensus among owners of this
card that PFRING is the way to go?

Cheers,
Mike Lococo

------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users