[Bro] Packet Drops

Tom OBrion hammadog at gmail.com
Thu May 3 18:10:40 PDT 2012

Need some thoughts from the LINUX/BRO gifted....


CPU: two - Intel(R) Xeon(TM) CPU 2.40GHz
MEM: 2gig
NIC's: Intel(R) PRO/1000 Network Driver - version 7.3.21-k8-NAPI

We  peak around 130mbps and at this time we are running around 10mbps.
 No matter what speed we run at we continue to drop packets.  We have
loaded pf_ring and load balanced across two NIC's based on Martin's
BLOG:  http://ossectools.blogspot.com/2011/09/bro-quickstart-cluster-edition.html

Only change I made was use an additional NIC in the node.cfg and not
the same one.

I have also made the follwoing NIC changes based on some threads I
found on SO and BRO lists.

ethtool -K eth0 rx off
ethtool -K eth0 tx off
ethtool -K eth0 sg off
ethtool -K eth0 tso off
ethtool -K eth0 gso off
ethtool -K eth0 lro off


echo 33554432 > /proc/sys/net/core/rmem_default
echo 33554432 > /proc/sys/net/core/rmem_max
echo 10000 > /proc/sys/net/core/netdev_max_backlog

as well as

Changed the MTU size on NIC's to match BRO

Still no love. I then went back to a standalone setup and the packet
drops are not as bad, but again we are running very low bandwidth at
this time.  Any ideas? Update NIC maybe?  Drop Kick G200 in dumpster!



More information about the Bro mailing list