[Bro] Endace DAG
Mike Patterson
mike.patterson at uwaterloo.ca
Tue May 15 08:59:16 PDT 2018
I don't know how useful my contribution here is, but...
Yes, I have a 9.2X2 we purchased in 2010, now in its second server and fourth or fifth Bro install. Obviously having kept it this long, I don't have many complaints. At the same time, I don't find a whole lot of difference between it and the Intel X520s we have deployed with PF_RING (and one of our newer PF_RING installations is outperforming the DAG). That said, I've spent more time playing with the X520s, so it's possible the DAG could outperform them with equivalent TLC (and also obviously this is an older card) - but X520s are older nowadays too.
I haven't tried the bro-pkg for the DAG yet, although once I've got some free time (hahaha) I would very much like to give it a try. Also YMMV quite a bit depending on the hardware you're marrying to your NICs, your real-world network traffic, specific distribution/kernel version, etc etc etc.
And I expect that at least one regular list contributor might suggest you try AF_PACKET with your Intels. :)
Mike
> On May 15, 2018, at 11:39 AM, Carl Rotenan <carlrotenan at gmail.com> wrote:
>
> Is anyone using the Endace DAG cards? I looking for the performance gains over using PF_RING and off the shelf Intel cards. Ultimately I'm looking for the best file extraction performance that can be achieved. Thanks in advance.
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list