[Snort-users] IPtables QUEUE performance numbers from Ixia

Brad Doctor brad at ...13458...
Thu Aug 25 12:45:27 EDT 2005


Forgot to mention that the QUEUE stuff is an L2 bridge whereas the
Divert stuff is all NAT'ed because bridging support isn't done yet /
won't be done for Divert.  So those numbers should increase due to the
inherent overhead of NAT if it were capable of bridging.
-brad


Brad Doctor wrote:

> Will Metcalf asked if anyone had done this sort of testing.
>
> The server is a dual Opteron 875 dual-core (2.2GHz, 1Mb L2), Tyan
> S2895KWE (2 x16 full-speed PCIE).  Two SysKonnect PCI-E NICs, the
> SK-9E22.  One RAID-0 disk subsystem (hdparm -t reports 105MB on
> average), memory is crucial, whatever the max speed memory for this
> thing is.
>
> Kernel is 2.6.11.10 and/or 2.6.12.3 -- no differences in performance.
>
> The software is Ixia ixChariot, the endpoints are very fast devices
> that will sustain 980Mbps bridged through this box all day long with
> very little variation.
>
> So, some numbers:
>
> IPtables QUEUE, full ruleset of about 2700 or so - no PCRE:
>
> TPUT:
> Avg: 273.299
> Min: 270.270
> Max: 275.862
>
> IPtables QUEUE, zero ruleset of 0 rules:
>
> TPUT:
> Avg: 388.389
> Min: 284.698
> Max: 400.00
>
> One other thing that is kind of not progressing any more due to the
> NFQUEUE work being done for future kernels is the divert sockets for
> Linux (http://sourceforge.net/projects/ipdivert).  Some numbers from that:
>
> DIVERT, full ruleset of about 2700 or so - no PCRE (same as above, in
> fact same binary as above):
>
> TPUT:
> Avg: 312.940
> Min: 162.602
> Max: 331.95
>
> DIVERT, no rules:
>
> TPUT:
> Avg: 414.910
> Min: 139.130
> Max: 484.849
>
>
> Hope this helps - let me know if you have any questions or need more
> information.  Happy to provide.
>
> -brad
> --
> Brad Doctor, CISSP
> Director, Security Research
> Stillsecure
>
> 303-381-3807 Direct
> 303-381-3881 Fax
>
> www.stillsecure.com <http://www.stillsecure.com>
> /Reducing your risk has never been this easy/
> . . .
> /The information transmitted is intended only for the person
> to whom it is addressed and may contain confidential material.
> Review or other use of this information by persons other than
> the intended recipient is prohibited. If you've received
> this in error, please contact the sender and delete
> from any computer. /
>
>
