Snort mailing list archives
Re: Using Endace DAG vs commodify NICs
From: Rob MacGregor <rob.macgregor () gmail com>
Date: Thu, 08 Oct 2015 19:29:18 +0000
On Thu, Oct 8, 2015 at 11:06 AM Evgeniy Sudyr <eject.in.ua () gmail com> wrote:
Hi, I'm planned to evaluate Endace DAG card and even got DAG 7.5G4 from Ebay seller in Germany, but after that figured that they runs only with propietary drivers and firmware and drivers were not included in box and support subscription was expired in 2011. Means I got HW which is not works and paying ~ 700 EUR for getting updated driver and firmware make not much sense (to get support contract from Emulex). It will be great if someone from snort users or developers can share some Endace DAG experience, where most interesting for me is how CPU offloading looks in real world usage scenarios. Second question is shorter version of previous one - does it make any big difference to use DAG cards instead of just commodity NICs?
"It depends" ;) I find cards like this enable you to run a larger/less tuned ruleset than you might otherwise be able to run. Where they support load balancing then you can use them to spread the traffic across multiple (snort) processes, or you can use the traffic cloning to ensure that Snort, your packet capture program and so on all get identical streams. If you're willing and able to put the effort in to tuning your install and ruleset then you may find that a more cost effective (free other than your time) alternative. Where you have less control over the quality of your rules, these types of cards are very useful IMO. Note - it's been many years since I used DAG cards with Snort. -- Rob MacGregor
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Using Endace DAG vs commodify NICs Evgeniy Sudyr (Oct 08)
- Re: Using Endace DAG vs commodify NICs Rob MacGregor (Oct 08)
- Re: Using Endace DAG vs commodify NICs Evgeniy Sudyr (Oct 09)
- Re: Using Endace DAG vs commodify NICs Rob MacGregor (Oct 10)
- Re: Using Endace DAG vs commodify NICs Evgeniy Sudyr (Oct 09)
- Re: Using Endace DAG vs commodify NICs Rob MacGregor (Oct 08)