Re: CPU and RAM planning tool

["Sallee, Stephen (Jake)" <Jake.Sallee () umhb edu>]

> > As far as I know, no tool exists like that, and yes, it would be very useful, and it wouldn't be hard and fast, it 
> > would be a very loose estimate.

Thats a fair point, do you think it may be possible to get with in, say +/- 20% of reality?

A true test of performance can only be done with the actual hardware, that much is obvious.  But, if it is possible to 
get within a statistical margin of reality that would be great.

Attempting to get perfect numbers would be a very daunting task.  Bus speeds, bus architecture, CPU instruction sets 
... compilation fags, gcc version ... aaaaand my head almost exploded just thinking about it.  And thats just for the 
CPU  <( ' o ')>



Jake Sallee

Godfather of Bandwidth

Network Engineer

University of Mary Hardin-Baylor



900 College St.

Belton, Texas

76513



Fone: 254-295-4658

Phax: 254-295-4221






From: Joel Esler [jesler () sourcefire com]

Sent: Sunday, March 10, 2013 8:52 AM

To: Sallee, Stephen (Jake)

Cc: snort-users () lists sourceforge net

Subject: Re: [Snort-users] CPU and RAM planning tool







On Mar 9, 2013, at 11:36 PM, "Sallee, Stephen (Jake)" <Jake.Sallee () umhb edu> wrote:

Does
 a tool exist that one can use to size the CPU and RAM requirements for a given usage scenario?

I
 understand that the amount of both CPU and RAM is very dependent on a few factors such as:

Number
 of rules to execute
The
 complexity of the rules used
Link
 utilization
Processor
 speed
...
 and several others

But
 it seems that given a few inputs one could make a fairly accurate assessment of the necessary hardware if only a few 
variables were known.

For
 example:  What kind of server would I need to inspect 100Mb/sec of traffic using a minimal rule set? What about the HW 
I would need to do the same with the default rule set. ( I know, tuning your snort server is VERY important.)

If
 one could measure how many CPU cycles it takes to run a single packet through the minimal or default rule set then the 
rest of this calculation becomes simple in so far as the CPU is concerned.

Memory
 is so cheap these days that it you can just throw memory at the problem until the problem goes away, unless you are 
virtualizing then memory/CPU allocation is the name of the game.

If
 no tool is available I would be interested in developing one if the community thinks it is a useful endeavor.

I
 am new to snort, and a tool like this would be VERY helpful to me as a newcomer.  What do you guys think?



As far as I know, no tool exists like that, and yes, it would be very useful, and it wouldn't be hard and fast, it 
would be a very loose estimate.



--

Joel Esler

Senior Research Engineer, VRT

OpenSource Community Manager

Sourcefire




------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester  
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the  
endpoint security space. For insight on selecting the right partner to 
tackle endpoint security challenges, access the full report. 
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!