[Bro] 10Gbps bro + netmap + ixgbe + lb?
michalpurzynski1 at gmail.com
Mon Nov 27 05:21:08 PST 2017
Do you have to use net map?
> On Nov 27, 2017, at 1:58 PM, Alexander Zatserkovniy <avz at dvo.ru> wrote:
> I have a Bro cluster on a 2xE5-2660 with 64GB RAM. The traffic comes via
> a 10Gbps port of an Intel 82599ES (it's not cleared from FIN_storms and
> so on). I use Netmap with the Netmap ixgbe drivers and lb. lb and Bro
> workers pinned to cores. The interface offloads are turned off (ethtool
> -L eth0 combined 1; ... ). The basic installation (1xlb, 20 cores for
> Bro) begins drops packets hard near 7Gbps (~900Kpps). It looks like the
> bottleneck was the lb (100% the core usage and it shows drops). Lite lb
> optimisation ( I unify the loops in sym_hash_fn) doesn't help too much.
> I try the following lb pyramid:
> lb -i eth0 -B10000 -p bro:2 -o 60
> lb -i netmap:bro}0 -B10000 -p broa:13 -o 60
> lb -i netmap:bro}1 -B10000 -p brob:13 -o 60
> and :
> in node.cfg .
> Now I can get up to 8Gbps (~1000Kpps) without a lot of losses.
> But is it possible to get full 10Gbps on a port with netmap and lb on a
> host like mine? How to offload lb?
> Alexander Zatserkovnyy
> Bro mailing list
> bro at bro-ids.org
More information about the Bro