[Bro] Myricom and Bro... show of hands for successful deployments on 10G links (with > 5Gpbs)
kyle.creyts at gmail.com
Fri Aug 22 12:09:46 PDT 2014
check your memory bandwidth:
On Fri, Aug 22, 2014 at 11:44 AM, Vlad Grigorescu <vlad at grigorescu.org> wrote:
> Hi Harry,
> Can you expand on "allowing both capture and writing to disk?" Carnegie
> Mellon runs a Bro cluster with Myricom NICS, which works well. However, the
> manager is on a box that doesn't have any workers on it (and thus doesn't
> receive any traffic), so I haven't had any I/O contention from network
> traffic and log writing. Is that what you're referring to?
> We're seeing about 16 Gbps and dropping < 1% (around 0.1% most of the time,
> I believe). That's split up over 4 rather beefy boxes, though.
> On Thu, Aug 21, 2014 at 10:26 AM, Harry Hoffman <hhoffman at ip-solutions.net>
>> Hi All,
>> So, I’m writing to hopefully get a show of hands from those of your out
>> there who’ve employed Myricom cards to capture packets on your 10G links.
>> I’ll start by saying that while the myricom cards we have in place do a
>> fine job of capturing I’ve been unable to find the secret sauce that allows
>> both capture and writing to disk in a way that doesn’t drop significant
>> amounts of packets using either bro, tcpdump, snort, suricata.
>> For those of you out there using myricom cards in conjunction with your
>> favorite tools (bro of course ;-) ) can you let me know what data rate your
>> Myricom cards are seeing and what (assuming some) percentage of packets you
>> are dropping?
>> If you aren’t dropping anything I’d love to know more about your setup!
>> Bro mailing list
>> bro at bro-ids.org
> Bro mailing list
> bro at bro-ids.org
Information Assurance Professional
More information about the Bro