[Bro] linux vs freebsd

Vern Paxson vern at icir.org
Wed Dec 3 12:39:26 PST 2008

> My understanding has always been that performance is
> much better under FreeBSD due to the way bpf is implemented

Historically that's been true.

> but is it
> workable on Linux as well? Anyone had experience with a production Bro box
> on Linux?

One of our production Bro boxes is running Linux.  It occasionally drops
packets under a not very heavy load (it's monitoring a 100 Mbps link that's
not used heavily), but so far I haven't been able to correlate these with
a particular cause such as high-rate traffic spikes.

That said, we continue to use FreeBSD for our very-high-performance
(1-10 Gbps) systems.  I don't know whether the Linux packet capture has
improved to where it could also take on these loads (that would of course
require that the drops seen on the 100 Mbps link aren't due simply to
packet rate).  Linux is supposed to have gotten quite a bit better in
this regard.


