[Bro-Dev] snaplen and drops

Seth Hall seth at icir.org
Thu Nov 3 06:40:11 PDT 2011


On Nov 3, 2011, at 9:05 AM, Lothar Braun wrote:

> H(srcIP, srcPort, dstIP, dstPort, proto)
> 
> instead of something like 
> 
> H(srcIP + srcPort + dstIP + dstPort + proto)

Ugh... Well, that's annoying.  So, I guess the best option currently with a commodity NIC is to still do the load balancing on the CPU? (With PF_RING, or AF_PACKET since that seems to support load balancing now too; we don't support it yet, though.)

>> Lately I've been very impressed with Myricom's sniffer drivers which do the hardware based load balancing and direct memory injection.  
> 
> Is this similar to the DNA driver that has been done by Luca Deri?

In a way, since it does include the direct memory injection like the DNA drivers, but it also does the multiqueue bidirectional flow-based load balancing.  I've just been very impressed with the Myricom drivers because they're easy to install and start using.  We need to make some small changes to broctl to properly support doing the load balancing with the Myricom sniffer drivers, but nothing major.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
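
The difference between the two hash forms quoted above, as an added example that is not part of the original message: an order-sensitive hash can send the two directions of one connection to different queues, while the additive form keeps them together. CRC32 stands in for whatever hash a NIC applies, and the queue count and the flows are constructed assumptions.

```python
import ipaddress
import zlib

NUM_QUEUES = 4  # assumed number of receive queues / worker processes

def _ip(addr):
    return ipaddress.ip_address(addr)

def ordered_hash(src_ip, src_port, dst_ip, dst_port, proto):
    # H(srcIP, srcPort, dstIP, dstPort, proto): fields hashed in packet order,
    # so swapping source and destination changes the input.
    data = (_ip(src_ip).packed + src_port.to_bytes(2, "big") +
            _ip(dst_ip).packed + dst_port.to_bytes(2, "big") + bytes([proto]))
    return zlib.crc32(data)  # CRC32 is a stand-in hash (assumption)

def additive_hash(src_ip, src_port, dst_ip, dst_port, proto):
    # H(srcIP + srcPort + dstIP + dstPort + proto): addition is commutative,
    # so both directions of a connection produce the same input.
    total = int(_ip(src_ip)) + src_port + int(_ip(dst_ip)) + dst_port + proto
    return zlib.crc32(total.to_bytes(17, "big"))

def reverse(flow):
    # The same connection as seen in the reply direction.
    src_ip, src_port, dst_ip, dst_port, proto = flow
    return (dst_ip, dst_port, src_ip, src_port, proto)

def split_flows(hash_fn, flows, queues=NUM_QUEUES):
    """Return flows whose two directions are assigned to different queues."""
    return [f for f in flows
            if hash_fn(*f) % queues != hash_fn(*reverse(f)) % queues]

# Constructed sample: 64 TCP clients talking to one HTTPS server.
FLOWS = [("10.0.0.%d" % (i + 1), 40000 + 13 * i, "192.0.2.10", 443, 6)
         for i in range(64)]

if __name__ == "__main__":
    for name, fn in (("ordered", ordered_hash), ("additive", additive_hash)):
        print("%-8s hash: %2d of %d connections split across queues"
              % (name, len(split_flows(fn, FLOWS)), len(FLOWS)))
```

A connection reported as split would have its requests and replies analysed by different workers, so neither worker sees the full exchange.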



