nanog mailing list archives
Re: Software router state of the art
From: "William Herrin" <herrin-nanog () dirtside com>
Date: Wed, 23 Jul 2008 14:17:53 -0400
On Wed, Jul 23, 2008 at 2:03 PM, Naveen Nathan <naveen () lastninja net> wrote:
The Endace DAG cards claim they can move 7 gbps over a PCI-X bus from the NIC to main DRAM. They claim a full 10gbps on a PCIE bus.

I wonder, has anyone heard of this used for IDS? I've been looking at building a commodity SNORT solution, and wondering if a powerful network card will help, or would the bottleneck be in processing the packets and overhead from the OS?
The first bottleneck is the interrupts from the NIC. With a generic Intel NIC under Linux, you start to lose a non-trivial number of packets around 700mbps of "normal" traffic because it can't service the interrupts quickly enough.

The DAG card can be dropped in to replace the interface used for a libpcap-based application. When I tested the 1gbps PCIE version, I lost no packets to 1gbps and my capture application's CPU usage dropped to about 1/5th of what it was with the generic NIC. YMMV.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin () dirtside com bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
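One way to check whether a Linux capture interface feeding an IDS is losing packets at the NIC, as the reply above describes. This is an added example, not part of the original post; the interface name `eth1` and both `/proc/net/dev` snapshots are constructed, and treating the `drop` and `fifo` counters as packets never delivered is an assumption that varies by driver.

```python
# Added example: constructed /proc/net/dev snapshots, hypothetical interface eth1.
RX_FIELDS = ("bytes", "packets", "errs", "drop", "fifo", "frame", "compressed", "multicast")

HEADER = (
    "Inter-|   Receive                                                |  Transmit\n"
    " face |bytes    packets errs drop fifo frame compressed multicast|"
    "bytes    packets errs drop fifo colls carrier compressed\n"
)
# Constructed samples taken 10 seconds apart on a capture interface.
SAMPLE_BEFORE = HEADER + "  eth1: 1000000000 2000000 0 100 50 0 0 0 0 0 0 0 0 0 0 0\n"
SAMPLE_AFTER = HEADER + "  eth1: 1875000000 3900000 0 60100 40050 0 0 0 0 0 0 0 0 0 0 0\n"


def parse_proc_net_dev(text):
    """Return {interface: {rx_field: int}} from /proc/net/dev content."""
    stats = {}
    for line in text.splitlines():
        if ":" not in line:
            continue  # the two header lines carry no "iface:" prefix
        name, counters = line.split(":", 1)
        values = counters.split()
        if len(values) >= len(RX_FIELDS):
            stats[name.strip()] = dict(zip(RX_FIELDS, map(int, values[:len(RX_FIELDS)])))
    return stats


def rx_loss(before, after, iface, seconds):
    """Receive rate and loss for iface between two snapshots."""
    b = parse_proc_net_dev(before)[iface]
    a = parse_proc_net_dev(after)[iface]
    delta = {k: a[k] - b[k] for k in RX_FIELDS}
    if min(delta.values()) < 0:
        raise ValueError("counter wrapped or was reset between samples")
    # Assumption: packets in "drop" and "fifo" were never delivered and are
    # not included in "packets"; drivers differ on this.
    lost = delta["drop"] + delta["fifo"]
    total = delta["packets"] + lost
    return {
        "mbps": delta["bytes"] * 8 / seconds / 1e6,
        "pps": delta["packets"] / seconds,
        "lost": lost,
        "loss_pct": 100.0 * lost / total if total else 0.0,
    }


if __name__ == "__main__":
    print(rx_loss(SAMPLE_BEFORE, SAMPLE_AFTER, "eth1", 10))
```

On a live sensor, read `/proc/net/dev` twice with a known interval and pass both reads to `rx_loss`; a non-zero `loss_pct` means the IDS is inspecting less traffic than the link carried.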