[76220] in North American Network Operators' Group
Re: using sniffer on high-bandwidth pipes
daemon@ATHENA.MIT.EDU (Bruce Pinsky)
Fri Dec 3 11:34:15 2004
Date: Fri, 03 Dec 2004 08:30:46 -0800
From: Bruce Pinsky <bep@whack.org>
Reply-To: bep@whack.org
To: Steve Francis <sfrancis@fastclick.com>
Cc: todd romero <todd@routeflap.net>, nanog@nanog.org
In-Reply-To: <41B08F6B.3090103@fastclick.com>
Errors-To: owner-nanog-outgoing@merit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Steve Francis wrote:
|
| It probably depends more on pps than bandwidth.
| At a prior job, I used FreeBSD 4.x machines to capture over 400,000 pps,
| I think, on gigabit links.
| You need a nic that is supported with one of the device polling drivers
| to keep CPU manageable. (Intel, not yet broadcom.)
|
| FreeBSD far surpassed Solaris in packet capture performance.
|
| Linux 2.6 machines may do OK, using NAPI - but I've no experience with
| that.
|
Eric Weigle and Wu-Chen Feng presented a paper at PAM2002 entitled
"TICKETing High-Speed Traffic with Commodity Hardware and Software"
where they showed collecting traffic at greater than 600Mbps and to 1Gbps
in some configurations. See http://public.lanl.gov/radiant/pubs.html#TICKET
- --
=========
bep
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)
iD8DBQFBsJS1E1XcgMgrtyYRAsHiAKCRHj6cIEuxut3vcNMHZf+RIA3/QACg2txD
4fEavciBOTN4TwuigotN14c=
=VEBQ
-----END PGP SIGNATURE-----
