[Snort-users] Snort + PF_RING + DAQ
livio at ...15149...
Tue Sep 4 18:54:19 EDT 2012
> CPU Binding is something important, QUEUE wise if you bind a snort
> process to the same network QUEUE
> then you can clearly start to benchmark. If you spread the network
> queue load on multiple CPU and do not bind process
> to the same CPU then your adding context switching in the mix which i
> think is bad at high throuput.
In pfring lingo this is called DNA and does give slightly better performance
which supports your claim:
We found, though, that with NAPI and letting the Linux scheduler loose
on 24 threads
works just as well but gives you much better flexibility (you can have
applications share the same interface for example which you cannot do
So, your theory is correct but it does not make a big enough difference,
(on our appliances).
And I doubt it would solve Peter's problem. But again, it is hard to
generalize and I might be wrong..
More information about the Snort-users