[Bro] bro and pf_ring zc configuration success stories
Azoff, Justin S
jazoff at illinois.edu
Thu Sep 28 08:49:23 PDT 2017
> On Sep 28, 2017, at 11:12 AM, radek <radoslawc at gmail.com> wrote:
>
> Hi!
> Yes this was my initial setup (with dummy interfaces), I've used worker definition like you've suggested (pf_ring::dummy{0..19}) - before I was using interface=dummy{0..19}
> It works, with the same traffic replayed, netstats:
>
> https://gist.github.com/radoslawc/4ca4d2f8bb0e7a2e5763d53eb31b59de
>
> so almost no drops,
>
> capstats returns nothing with interface=pf_ring::dummy{0..19}, with interface=dummy{0..19} it worked, but that's not the issue.
>
> Here's htop btw:
> https://imgur.com/a/99ETo
>
Initially you said
> This is with traffic around 700 - 800 Mbit/s
Did you mean 700 megabits/sec or megabytes/sec ?
At 700 Mbits/sec I'd expect the load on 20 workers to be almost nothing. What model CPU is in this box?
> My question is with using dummy interfaces, doesn't it defeat purpose of zerocopy? It has to pass packets trough kernel to dummy interface.
It's what they recommend, so it's probably fine...
Another issue I see with your configuration is that you are passing -g=2 to zbalance_ipc, which tells it to bind to core 2. You should specifically bind zbalance_ipc and bro to different cores.
I'm also not sure what the -n=20,1 does and if that should just be -n=20.
> Also I've used worker definition for 20 of them:
>
> [worker-0]
> type=worker
> host=localhost
> interface=pf_ring::zc:27 at 0
> pin_cpus=1
>
> and result was identical as with using:
>
> [worker-0]
> type=worker
> host=localhost
> interface=zc:27
> lb_method=pf_ring
> lb_procs=20
>
Can you just run 4 workers and see how it works? You don't need 20 cores to handle 700mbit. I just checked one of our worker boxes that is currently getting around 4000mbit with 14 workers and the cpus are at about 70%
—
Justin Azoff
More information about the Bro
mailing list