[Snort-users] Box Size Vs Packet loss.

Dragos Ruiu dr at ...381...
Sun Oct 8 17:18:24 EDT 2000


On Fri, 06 Oct 2000, F.M. Taylor wrote:
> I ordered a P733 w 256MB and 3c905 specifically for the sole purpose of
> running snort.  I am going to put this box on a hub between our border
> router and first switch. 100MB Lan and a T3.  What kind of packet loss can
> I expect at the full 45M of the T3.

That will be dependent on rules and preprocessors enabled... but I believe that
Marty has run some tests on his Celeron 433 that showed that with the default
snort-lib set no significant packet loss occurs until well past 155Mbps, so you
should be fine...

If you're really worried about it... throw more RAM in to buffer busy bursts....
But the specs you have should be more than adequate for that rate IMHO.

I regularly run snorts with ~1500-1600 rules on P2-400s at sustained rates in
excess of 40Mbps with no appreciable packetloss.  My traffic isn't typical of
backbone ISP traffic, but this should be a good indicator that you won't have
problems.

cheers,
--dr

 -- 
Dragos Ruiu <dr at ...50...>   dursec.com ltd. / kyx.net - we're from the future 
gpg/pgp key on file at wwwkeys.pgp.net



More information about the Snort-users mailing list