[Bro] 10g Nic Cards

Bob Bregant II bregant2 at illinois.edu
Tue May 7 06:05:50 PDT 2013

That was my impression as well (you know because that's what it says on their website).  Unfortunately, the last time I tried to get a 10 Gb DNA license for my Intel X520 NIC, I wound up getting bounced to a Silicom rep who wanted $500/interface.  I pointed out the discrepancy and was told that this *was* the educational price and that because the 10 Gb DNA driver development had been subsidized by Silicom, Luca had no choice in the matter.  This was on March 7 of this year.

If you can get by without DNA (which provides a definite performance boost) or are using a slower interface, maybe you won't run into this.  It sounds like it might not be an issue if you buy your cards from Silicom, either.  But do be aware that at present there are configurations that can wind up hitting you with that kind of hidden cost, which may wind up favoring another vendor.

Hopefully, Silicom will change their minds on this.


Bob Bregant II
Office of Privacy and Information Assurance
University of Illinois at Urbana-Champaign

Harry Hoffman <hhoffman at ip-solutions.net> wrote:

>I believe the pf_ring stuff is free for .edu usage :-)
>-------- Original Message --------
>From: Vlad Grigorescu 
>Sent: Mon, May 6, 2013 07:09 PM
>To: Slagell, Adam J 
>CC: bro at bro.org
>Subject: Re: [Bro] 10g Nic Cards
>On May 6, 2013, at 5:35 PM, "Slagell, Adam J" wrote: 
>> But you need to pay for the sniffing driver to really make use of
>This is actually the same for Intel NICs as well. If you go the Intel
>route, you'll probably want a similar license for ntop's PF_RING + DNA
>driver and the price comes out to be just about the same as Myricom[1].
>You can opt to not get this license, but performance will suffer.
>Research and educational networks used to get an exemption from ntop
>license fees, however this is no longer the case for PF_RING + DNA
>since development was subsidized by Silicom. If you get a dual-port
>NIC, the difference becomes even more exaggerated, as the ntop license
>is $261 *per port* as opposed to the $295 *per card* Myricom license. 
>Other advantages of the Myricom cards is that they're easier to work
>with and a bit faster. The Myricom sniffer driver doesn't require
>special privileges to sniff traffic, so you don't have to do funky
>setcap stuff - it "just works," even if you don't run Bro as root. From
>a simple test that someone at a large university ran, pitting a Myricom
>card with the Myricom sniffer driver against an Intel card with the
>top-of-the-line ntop driver (PF_RING + DNA + libzero - a $500 license),
>the Myricom card was better performing. 
>Hope that provides some insight into why we went with Myricom, at
>--Vlad Grigorescu 
>Senior Information Security Engineer 
>Carnegie Mellon University 
>[1] - Using CDW prices, Myricom + 10G short-range optics + license is
>$864.98, while Intel x540 + 10G short-range optics + license is
>Bro mailing list 
>bro at bro-ids.org 
>Bro mailing list
>bro at bro-ids.org

More information about the Bro mailing list