[Bro] Network capture cards -- your experience

Joel Ebrahimi jebrahimi at bivio.net
Fri Sep 12 16:20:16 PDT 2008 

Hi Matt,

I know there has been work with Bro in the past but I do not know to
what extent nor do I have any past information. I come from an
open-source/security background and my roll at Bivio is solutions
engineer. Since I have been here I have worked to make a number of
open-source tools into Bivio packages that work natively.

Bro is one of the ones I have had a chance to work on. We do have
customers who are currently using Bro on our platform and are quite
happy with the results.

I Hope that answers you question. My goal is not to "market" to this
list so if you have questions about our solutions or what native
applications we offer feel free to drop me an email directly.

// Joel 





-----Original Message-----
From: bro-bounces at ICSI.Berkeley.EDU
[mailto:bro-bounces at ICSI.Berkeley.EDU] On Behalf Of Matt Cuttler
Sent: Friday, September 12, 2008 3:55 PM
To: bro at bro-ids.org
Subject: Re: [Bro] Network capture cards -- your experience


On 9/12/08 5:43 PM, "Joel Ebrahimi" <jebrahimi at bivio.net> wrote:

> Hi Jason,
> 
> I work for Bivio Networks and we have deployed Bro on our hardware and
> achieved multi-gig monitoring throughput. Our hardware is a specialty
> networking appliance and not commodity hardware with an accelerator
> card.
> 
> Our appliance is a Linux based operating system with a distributed
> multi-core architecture. In the system I ran testing on this on it was
a
> 12 core system. Our systems can actually be daisy chained together
using
> a backplane cable, which would provide more cores for more horsepower.
> 
> The configuration of Bro, size of the packets, and type of traffic
that
> is sent to the system can have significant impact on processing
> throughput.  In most of the tests I ran I saw performance between
> 500Mb/s to 6Gb/s.
> 
> Im not really sure if that is information you are looking for but its
> another option for high speed bro processing.


Joel,

Please understand that this post is not intended to be antagonistic in
any
way, but I remember Bivio claiming to (briefly) natively support Bro
(with a
custom and/or pre-compiled and/or optimized-for-hardware version; IIRC
it
was called "Brooklyn").

Policy prevents me from publicly endorsing any product/service/vendor
(etc..). I will say, though, that your appliances perform appx. as well
as
the sales documents claim they do, in real-world use.

Which brings me to my question: is there a resurgence in Bro interest
within
your company? Or are you simply stating above that you have a platform
which
can run a NIDS stack at high speeds?

Public or private reply is O.K.

Thanks,
Matt Cuttler

_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list