Re: Snort + PF_RING + DAQ

[Luca Deri <deri () ntop org>]

Hi Livio,
if you have a look at http://www.ntop.org/wp-content/uploads/2012/09/Snort_over_DNA_Silicom_30_07_2012_1.pdf you will 
see that the speed bump of DNA with respect to non-DNA PF_RING DAQ ranges from +20% to over +1400%. So I won't say 
"slightly better performance".

Regards Luca

On Sep 5, 2012, at 12:54 AM, livio Ricciulli <livio () metaflows com> wrote:

> > CPU Binding is something important, QUEUE wise if you bind a snort
> > process to the same network QUEUE
> > then you can clearly start to benchmark. If you spread the network
> > queue load on multiple CPU and do not bind process
> > to the same CPU then your adding context switching in the mix which i
> > think is bad at high throuput.
> In pfring lingo this is called DNA and does give slightly better performance
> which supports your claim:
> see https://www.metaflows.com/technology/10-gbps-pf_ring-2/
>
> We found, though, that with NAPI and letting the Linux scheduler loose 
> on 24 threads
> works just as well but gives you much better flexibility (you can have 
> multiple
> applications share the same interface for example which you cannot do 
> with DNA).
>
> So, your theory is correct but it does not make a big enough difference, 
> (on our appliances).
> And I doubt it would solve Peter's problem. But again, it is hard to 
> generalize and I might be wrong..
>
> Livio.
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!