[Bro] linux vs freebsd

Ken Gunderson kgunders at teamcool.net
Wed Dec 3 14:58:16 PST 2008

On Wed, 2008-12-03 at 12:39 -0800, Vern Paxson wrote:
> > My understanding has always been that performance is
> > much better under FreeBSD due to the way bpf is implemented
> Historically that's been true.
> > but is it
> > workable on Linux as well? Anyone had experience with a production Bro box
> > on Linux?
> One of our production Bro boxes is running Linux.  It occasionally drops
> packets under a not very heavy load (it's monitoring a 100 Mbps link that's
> not used heavily), but so far I haven't been able to correlate these with
> a particular cause such as high-rate traffic spikes.
> That said, we continue to use FreeBSD for our very-high-performance
> (1-10 Gbps) systems.  I don't know whether the Linux packet capture has
> improved to where it could also take on these loads (that would of course
> require that the drops seen on the 100 Mbps link aren't due simply to
> packet rate).  Linux is supposed to have gotten quite a bit better in
> this regard.

OpenBSD would be an attractive option but the last I checked the way
back machine bro had issues on OBSD...  Curious if anyone been doing
anything in this regard more recently? 

Ken Gunderson <kgunders at teamcool.net>

