[Snort-users] Hardware required for monitoring a DS3
erek at ...577...
Tue Oct 2 17:57:02 EDT 2001
On Tue, 2 Oct 2001 brandon at ...3618... wrote:
> We have a few DS3's and are averaging an aggregate of about 40MBit of them.
Ok, realize that you're pushing a helluva lot of traffic. The T1's aren't
your best choice. They run out of gas on that traffic rather quickly.
> I have recently been evaluating upgrading. We tried a Sun Netra T1/500MHz
> and it was slower than our existing P3/850Mhz. I also had some problems
> because it appeared to actually process less packets but did not record ANY
> lost packets, compared to our FreeBSD box on intel. With a few minute
> span each on the same hub recording the same data the Intel/BSD box
> recorded about 2.3mil packets with less than 1 % loss and the SUn
> recorded about 1.5 mil packets with zero loss. We have since
> disregarded the sun as a viable option. What we did end up deciding
> on was a Dual Athalon MP core at 1.2GHz. We are buying the eracks
> version (http://www.eracks.com).
What I would be interested in seeing is a comparison of (Solaris Sparc vs.
Solaris Intel) vs (OpenBSD/Sparc vs. OpenBSD/Intel) on the same sets of
hardware. I'm wondering if it's the OS that made the difference or the
platform. I'm running on Solaris 7 and not seeing any packets lost. Granted,
the sensors are spread out all over, and traffic is fairly segregated... I've
seen nothing like that. Was your ether interface taking a lot of errors? Or
was this just 'silent drops'?
More information about the Snort-users