[Bro] Hardware Experience

Aashish Sharma aashish at uiuc.edu
Wed May 27 21:21:00 PDT 2009 

Hi Sean:

Back in 2006 we got 4 Dag 6.2SE cards to monitor our 10G links. During the time we were running firmware 2.5.7.5. on the cards. We had real hard time keeping Bro running reliably in a sustained manner using Dag cards.  We encountered a lot of issues - including lack of drivers, lack of built in support for libpcap, crashing of Bro repeatedly, heating up and crashing of system as well. 

In fact, Robin helped us quite a bit and even wrote drivers and support for Dag in Bro.  Endace support was prompt too and they provided us with a new modified firmware but not much changed. 

During all that time, For production Bro we relied on a pair of Intel 10G cards while we resolve this issue with Dag cards (spent considerable time trying to get this working),

All in all, we had lot of issues running Dag capture cards reliably. Eventually, we gave up and got Myricom 10G cards.  We have been quite happy with Myricom cards and have not encountered any issues since. 

Hope this helps,

Aashish Sharma 
NCSA 


On Wed, May 27, 2009 at 02:54:39PM -0600, Sean McCreary wrote:
> I'd be careful about purchasing 10G NICs for packet capture.  I have not
> been able to configure a FreeBSD 6.3 system with a Myricom Myri-10G NIC
> to reliably capture traffic on a lightly loaded link (~2Mb/s, ~240
> kpps).  One option I'm interested in trying is the Endace DAG,
> <http://www.endace.com/dag-network-monitoring-cards.html>.  Does anyone
> have experience using these cards with bro?
> 
> Nick Buraglio wrote:
> > Good afternoon, list.  I'm hoping to get a quick opinion on some  
> > hardware.  I've done some brief looking and not really found what I'm  
> > seeking so I'll post here in hopes that one of you can share some  
> > experience.
> > I'm exploring deployment of some Bro boxes and was hoping to leverage  
> > a great deal that Sun is offering to get the hardware.  I know that  
> > the boxes can do what I need them to do, as I've worked on Bro  
> > implementations elsewhere.  What I'd really like to know is if anyone  
> > has used the Sun (Intel Chipset 82598) dual port 10g cards?  They're a  
> > decent savings of capitol, but I'd rather just spend the money to get  
> > the cards I'm used to (single port 10g Intel or Myricom) if the dual  
> > port cards behave strangely or are a time-vortex to get working.
> > I'm making an assumption that the dual port cards operate similar to  
> > the single port cards.  Has anyone used these in a bro deployment?
> > 
> > 
> > Thanks,
> > nb
> > ---
> > Nick Buraglio
> > Network Engineer, CITES, University of Illinois
> > GPG key 0x2E5B44F4
> > Phone: 217.244.6428
> > buraglio at illinois.edu
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list