[Bro] any experience on BRO into hardware
scott campbell
scampbell at lbl.gov
Wed Dec 13 10:58:57 PST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There have been a number of efforts along these lines, but most of them
have focused less on taking the entire bro entity (or more likely the
event engine side) and punting it all into hardware.
In no particular order, you may want to look at:
http://www.icir.org/vern/papers/hotsec06.pdf
also Nick Weaver at ICIR may have some insight.
There has been significantly more work done on taking the bpf burden off
a host and running that in hardware. There are several different
companies that have products for this, but one that I have personal
experience with is the Force 10 P10 device. There is also a 1 gig
version as well.
In general I suspect that there is less to gain by running the entire
application on ASIC - there is still a considerable burden associated
with memory bandwidth and state maintenance. On the other hand if a
more knowledgeable person on this list has a different opinion, I would
be happy to recant.
Hopefully this is a little helpful?
thanks,
scott
Jules wrote:
> Hi Scott
>
> That's what I meant. I was talking about something like ASIC or FPGA.
>
> thanks
>
>
> -----Original Message-----
> From: scott campbell [mailto:scampbell at lbl.gov]
> Sent: 12 December 2006 18:45
> To: Jules
> Cc:
> Subject: Re: [Bro] any experience on BRO into hardware
>
> Jules wrote:
>>> Hi All
>>>
>>>
>>>
>>> Just wondering if someone has an experience compiling Bro into Hardware?
>>>
>>>
>>>
>>> Thanks
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Bro mailing list
>>> bro at bro-ids.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> Are you asking about some sort of pcap/bpf in hardware offloading, an
> actual implementation of bro on dedicated hardware (like an ASIC), or
> something else?
>
> thanks!
>
> scott
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org
iD8DBQFFgE1wK2Plq8B7ZBwRApACAKCaRcX9Mi6S90D90+HAGwzvaulkfgCfcKoy
5IpHpbMjUrf1o/sq+E63ovE=
=4DPf
-----END PGP SIGNATURE-----
More information about the Bro
mailing list