[Bro] PF_Ring and Bro - packet loss

Jason Williams jwilliams at emergingthreats.net
Fri Sep 11 12:07:24 PDT 2015


Nathanael,

Just from an initial glance, you may want to allocate more slots in pfring...

Min Num Slots      : 4096
Bucket Len         : 8192
Slot Len           : 8224 [bucket+header]
Tot Memory         : 33697792
Tot Packets        : 153298629
Tot Pkt Lost       : 60413245
Tot Insert         : 92885384
Tot Read           : 92829402
Insert Offset      : 3522336
Remove Offset      : 3537608
Num Free Slots     : 0 <--------------

maybe

modprobe pf_ring enable_tx_capture=0 min_num_slots=32768


On Fri, Sep 11, 2015 at 1:38 PM, nathanael rayborn <nathanael.rayborn at gmail.com> wrote:

> I'm experiencing high packet loss (15%-50%) with Bro 2.4 compiled with
> PF_Ring. PFcount (pfcount -i eth0 -e 1) shows 0% packet loss while
> /proc/net/pf_ring/PID shows the same number of dropped packets as broctl
> netstats. The github link contains all changes and performance steps I've
> taken so far along with output from PFcount, broctl, and ethtool. Has
> anyone else experienced similar performance issues or have recommendations
> to get my dropped packets as close to 0% as possible? Thanks
>
>
> Current config - https://gist.github.com/nate-ray/8b4d03eab49d11715398
>
>
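
Added example, not part of the original thread or of PF_RING or Bro: a small check that parses ring statistics in the layout quoted in the reply above, computes the loss percentage, and flags a ring with no free slots. The field names come from that quoted output; the function names and the 1% alert threshold are assumptions made for illustration.

```python
import re

# Constructed sample: the ring statistics quoted in the reply above,
# in the "Name : value" layout of a file under /proc/net/pf_ring/.
SAMPLE = """\
Min Num Slots      : 4096
Bucket Len         : 8192
Slot Len           : 8224 [bucket+header]
Tot Memory         : 33697792
Tot Packets        : 153298629
Tot Pkt Lost       : 60413245
Tot Insert         : 92885384
Tot Read           : 92829402
Insert Offset      : 3522336
Remove Offset      : 3537608
Num Free Slots     : 0
"""

def parse_ring_stats(text):
    """Return {field name: int} for every 'Name : <integer>' line."""
    stats = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(\d+)\b", line)
        if m:  # lines with non-numeric values are skipped
            stats[m.group(1)] = int(m.group(2))
    return stats

def assess(stats, max_loss_pct=1.0):
    """Summarise ring health; max_loss_pct is a hypothetical alert threshold."""
    total = stats.get("Tot Packets", 0)
    lost = stats.get("Tot Pkt Lost", 0)
    loss_pct = 100.0 * lost / total if total else 0.0
    findings = []
    if loss_pct > max_loss_pct:
        findings.append("loss %.2f%% exceeds %.2f%%" % (loss_pct, max_loss_pct))
    if stats.get("Num Free Slots") == 0:
        findings.append("ring full: 0 of %d slots free" % stats.get("Min Num Slots", 0))
    return {"loss_pct": round(loss_pct, 2),
            # packets inserted into the ring but not yet read by the consumer
            "unread": stats.get("Tot Insert", 0) - stats.get("Tot Read", 0),
            "findings": findings}

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(assess(parse_ring_stats(text)))
```

Run against the quoted numbers it reports about 39.41% loss and a full ring, which is the condition the min_num_slots suggestion is aimed at.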