[106135] in North American Network Operators' Group
Re: Software router state of the art
daemon@ATHENA.MIT.EDU (William Herrin)
Wed Jul 23 14:18:34 2008
Date: Wed, 23 Jul 2008 14:17:53 -0400
From: "William Herrin" <herrin-nanog@dirtside.com>
To: "Naveen Nathan" <naveen@lastninja.net>
In-Reply-To: <20080723180341.GB1967@armakuni.lastninja.net>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
On Wed, Jul 23, 2008 at 2:03 PM, Naveen Nathan <naveen@lastninja.net> wrote:
>> The Endace DAG cards claim they can move 7 gbps over a PCI-X bus from
>> the NIC to main DRAM. They claim a full 10gbps on a PCIE bus.
>
> I wonder, has anyone heard of this used for IDS? I've been looking at
> building a commodity SNORT solution, and wondering if a powerful network
> card will help, or would the bottleneck be in processing the packets and
> overhead from the OS?
The first bottleneck is the interrupts from the NIC. With a generic
Intel NIC under Linux, you start to lose a non-trivial number of
packets around 700mbps of "normal" traffic because it can't service
the interrupts quickly enough.
The DAG card can be dropped in to replace the interface used for a
libpcap-based application. When I tested the 1gbps PCIE version, I
lost no packets to 1gbps and my capture application's CPU usage
dropped to about 1/5th of what it was with the generic NIC. YMMV.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
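The interrupt-driven loss Bill describes shows up in the kernel's own counters before it ever reaches the capture application, so the first check on a commodity Snort box is whether the NIC is missing frames at the offered load. The following is an added example for this thread, not code from the original post: it parses two snapshots of Linux `/proc/net/dev` taken a known interval apart and reports packet rate, throughput and the share of frames lost. It assumes the standard Linux column layout, in which the receive-side `drop` column is `rx_dropped + rx_missed_errors` (frames the NIC or kernel could not queue, which is what an overrun receive ring looks like) and `fifo` is `rx_fifo_errors`. The two snapshots embedded in the block are constructed sample data; the interface name `eth0`, the 10-second interval and the 0.01% tolerance are illustrative.

```python
"""Check whether a Linux capture NIC is losing packets, from two /proc/net/dev snapshots.

Added example for this thread, not code from the original post. It assumes the
/proc/net/dev column layout used by Linux, where the receive-side "drop" column is
rx_dropped + rx_missed_errors (frames the NIC or kernel could not queue, which is
what you see when interrupts are not serviced fast enough) and "fifo" is
rx_fifo_errors. The two snapshots below are constructed sample data.
"""
import time

# Receive-side columns of /proc/net/dev, in order.
RX_FIELDS = ("bytes", "packets", "errs", "drop", "fifo",
             "frame", "compressed", "multicast")


def parse_proc_net_dev(text):
    """Return {iface: {rx_field: int}} for every interface line in the text."""
    stats = {}
    for line in text.splitlines():
        if ":" not in line:
            continue  # the two header lines carry no counters
        iface, rest = line.split(":", 1)
        fields = rest.split()
        if len(fields) < 16:
            continue  # malformed line; a real file has 16 counters per interface
        stats[iface.strip()] = dict(zip(RX_FIELDS, (int(f) for f in fields[:8])))
    return stats


def rx_loss(before, after, iface, seconds):
    """Rate and loss figures for one interface between two parsed snapshots.

    'packets' in /proc/net/dev counts frames delivered to the stack, so frames
    the NIC missed are added back to get the offered load.
    """
    b, a = before[iface], after[iface]
    delivered = a["packets"] - b["packets"]
    lost = (a["drop"] - b["drop"]) + (a["fifo"] - b["fifo"])
    offered = delivered + lost
    bits = (a["bytes"] - b["bytes"]) * 8
    return {
        "pps": delivered / seconds,
        "mbps": bits / seconds / 1e6,
        "lost": lost,
        "loss_pct": 100.0 * lost / offered if offered else 0.0,
    }


def assess(before_text, after_text, iface, seconds, max_loss_pct=0.01):
    """Parse two snapshots and say whether loss exceeds the tolerance (hypothetical 0.01%)."""
    result = rx_loss(parse_proc_net_dev(before_text),
                     parse_proc_net_dev(after_text), iface, seconds)
    result["ok"] = result["loss_pct"] <= max_loss_pct
    return result


# Constructed snapshots, 10 seconds apart: eth0 delivered 7,960,000 frames
# (875 MB, i.e. 700 Mbit/s) and missed 40,000, a 0.5% loss.
SNAPSHOT_BEFORE = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  123456     789    0    0    0     0          0         0   123456     789    0    0    0     0       0          0
  eth0: 5000000000 40000000    0  100    0     0          0      1200 400000000 3000000    0    0    0     0       0          0
"""
SNAPSHOT_AFTER = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  123456     789    0    0    0     0          0         0   123456     789    0    0    0     0       0          0
  eth0: 5875000000 47960000    0 40100    0     0          0      1210 400000000 3000000    0    0    0     0       0          0
"""
INTERVAL = 10


def sample_live(iface, seconds):
    """Take two real snapshots of /proc/net/dev `seconds` apart (Linux only)."""
    with open("/proc/net/dev") as f:
        before = f.read()
    time.sleep(seconds)
    with open("/proc/net/dev") as f:
        after = f.read()
    return assess(before, after, iface, seconds)


if __name__ == "__main__":
    r = assess(SNAPSHOT_BEFORE, SNAPSHOT_AFTER, "eth0", INTERVAL)
    print("eth0: %.0f pps, %.0f Mbit/s, %d lost (%.2f%%) -> %s"
          % (r["pps"], r["mbps"], r["lost"], r["loss_pct"],
             "ok" if r["ok"] else "DROPPING"))
```

Run `sample_live("eth0", 10)` on the sensor while it is under representative load; a rising `drop` delta at a few hundred Mbit/s is the symptom Bill describes, and it is the figure to compare before and after swapping in a capture card or tuning interrupt coalescing. Note that these counters stop at the kernel: frames the kernel accepted but then discarded because the capture application's buffer was full are reported separately by libpcap, in the `ps_drop` field of `pcap_stats()`, so both numbers are needed to account for all loss.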