[Bro] 10 Gb capable Bro cluster

Patrick Storm storm at tacc.utexas.edu
Fri Apr 3 08:40:56 PDT 2015


Earl,

We have a cluster that is capable of processing 10Gb/sec.

3x worker nodes:
- Dell R730
- Dual E5-2690 v3 CPUs
- 128Gb of RAM
- 1x Myricom card with Sniffer license (10G-PCIE2-8C2-2S+SNF3)

We run a proxy on our master node, and on each of the worker nodes. On each of the worker nodes we run 22 worker threads.

We found that setting a 32Gb buffer for Myricom to use does a lot to help out with bursts when Bro can’t keep up.

Let me know if you have any other questions.

Patrick Storm
Texas Advanced Computing Center – UT Austin


From: Earl Eiland
Date: Thursday, April 2, 2015 at 4:52 PM
To: "bro at bro.org"
Subject: [Bro] 10 Gb capable Bro cluster

Has anyone built a Bro cluster capable of processing packets at 10Gb/sec?  If so, what hardware did you use?

Best Regards,

Earl Eiland,
Sr. Cyber Security Engineer,
Emerging Technologies, root9B,
San Antonio, Texas
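
The layout described in the reply above, sketched as a BroControl node.cfg. This is an added example, not configuration taken from the thread: the hostnames and interface name are placeholders, and mapping "22 worker threads" to `lb_procs=22` and the 32Gb buffer to the Myricom SNF variable `SNF_DATARING_SIZE` (in bytes, read here as 32 GiB) are assumptions.

```ini
# Constructed example. Hostnames and the interface name are placeholders.

[manager]
type=manager
host=master.example.org

# One proxy on the master node, as the reply states.
[proxy-master]
type=proxy
host=master.example.org

# One proxy on each worker node.
[proxy-1]
type=proxy
host=worker1.example.org

# One worker entry per node. BroControl expands it into lb_procs
# worker processes that share the Myricom card through the Sniffer
# (SNF) driver's load balancing.
[worker-1]
type=worker
host=worker1.example.org
# Placeholder interface name for the Myricom port.
interface=p1p1
lb_method=myricom
# Assumption: the 22 "worker threads" per node are load-balanced processes.
lb_procs=22
# Assumption: the 32Gb buffer is the SNF data ring, given in bytes
# (32 * 1024^3), passed to the workers through their environment.
env_vars=SNF_DATARING_SIZE=34359738368

# Repeat the [proxy-N] and [worker-N] pair for worker2 and worker3
# to reach the three-node cluster from the reply.
```

The data ring lives in host memory, so a ring of this size has to fit within each node's RAM alongside the memory used by the worker processes themselves.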
