[106141] in North American Network Operators' Group
Re: Software router state of the art
daemon@ATHENA.MIT.EDU (Kevin Oberman)
Wed Jul 23 16:00:11 2008
To: "William Herrin" <herrin-nanog@dirtside.com>
In-Reply-To: Your message of "Wed, 23 Jul 2008 14:17:53 EDT."
<3c3e3fca0807231117u27d01471pf5b88edca4ae729f@mail.gmail.com>
Date: Wed, 23 Jul 2008 12:59:52 -0700
From: "Kevin Oberman" <oberman@es.net>
Cc: Naveen Nathan <naveen@lastninja.net>, nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
> Date: Wed, 23 Jul 2008 14:17:53 -0400
> From: "William Herrin" <herrin-nanog@dirtside.com>
>
> On Wed, Jul 23, 2008 at 2:03 PM, Naveen Nathan <naveen@lastninja.net> wrote:
> >> The Endace DAG cards claim they can move 7 gbps over a PCI-X bus from
> >> the NIC to main DRAM. They claim a full 10gbps on a PCIE bus.
> >
> > I wonder, has anyone heard of this used for IDS? I've been looking at
> > building a commodity SNORT solution, and wondering if a powerful network
> > card will help, or would the bottleneck be in processing the packets and
> > overhead from the OS?
>
> The first bottleneck is the interrupts from the NIC. With a generic
> Intel NIC under Linux, you start to lose a non-trivial number of
> packets around 700mbps of "normal" traffic because it can't service
> the interrupts quickly enough.
Most modern high performance network cards support MSI (Message Signaled
Interrupts) which generate real interrupts only on an intelligent
basis and only at a controlled rate. Windows, Solaris and FreeBSD have
support for MSI and I think Linux does, too. It requires both hardware
and software support.
With MSI, TSO, LRO, and PCI-E with hardware that supports these, 9.5
Gbps TCP flows between systems are possible with minimal tuning. That
puts the bottleneck back on the forwarding software in the CPU to do
the forwarding at high rates.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751