Hardware for pass 10G traffic
85 views
Skip to first unread message
nima chavooshi
Sep 21, 2011, 5:37:39 AM9/21/11
to meta...@googlegroups.com
Hi
I want to setup snort in inline mode and pass 10G traffic. What hardware do you suggest for this deployment ?
Thanks in advance
Timothy Covel
Sep 21, 2011, 1:45:02 PM9/21/11
to meta...@googlegroups.com
We looked at two possible 10G deployment options in the past:
Single System:
1 10gig NIC; 2 X Intel Xeon X5650 Westmere 2.66GHz LGA 1366 95W Six-Core Server
Processor; Kingston 12GB (6 x 2GB) 240-Pin DDR3 SDRAM DDR3 1333 ECC; 4 X Seagate Barracuda ST31000524AS 1TB 7200 RPM SATA 6.0Gb/s 3.5" Internal Hard Drive
Load Balanced System:
4 1u rackmounts with 4GB RAM, 250G disk, Intel i7 processor, 2x1G Ethernet
1 NIAGARA 4208-1SR-4TX1 10Gb Load balancer
Single System:
1 10gig NIC; 2 X Intel Xeon X5650 Westmere 2.66GHz LGA 1366 95W Six-Core Server
Processor; Kingston 12GB (6 x 2GB) 240-Pin DDR3 SDRAM DDR3 1333 ECC; 4 X Seagate Barracuda ST31000524AS 1TB 7200 RPM SATA 6.0Gb/s 3.5" Internal Hard Drive
Load Balanced System:
4 1u rackmounts with 4GB RAM, 250G disk, Intel i7 processor, 2x1G Ethernet
1 NIAGARA 4208-1SR-4TX1 10Gb Load balancer
livio
Oct 25, 2011, 8:17:41 PM10/25/11
to Metaflows
Hi, I wanted to give some recent, detailed performance number on the
10G appliance. We have done
some extra work to optimize its processing using Luca Deri's Direct
Nic Access (DNA) driver (5.1). The results are impressive.
New numbers using the Intel icc compiler are very encouraging. We
found that a 2 processor X5670 system can easily
sustain 5 Gbps. We run some academic traces with 4 different Snort
EmergingThreats Pro rule configurations and we are seeing < 5%
drop rate with up to 6900 rules. We are going to publish these
results through the snort and ntop mailing list soon; with
instructions on how
to reproduce the numbers. In the meantime, let me know if you have any
questions.
Livio.
10G appliance. We have done
some extra work to optimize its processing using Luca Deri's Direct
Nic Access (DNA) driver (5.1). The results are impressive.
New numbers using the Intel icc compiler are very encouraging. We
found that a 2 processor X5670 system can easily
sustain 5 Gbps. We run some academic traces with 4 different Snort
EmergingThreats Pro rule configurations and we are seeing < 5%
drop rate with up to 6900 rules. We are going to publish these
results through the snort and ntop mailing list soon; with
instructions on how
to reproduce the numbers. In the meantime, let me know if you have any
questions.
Livio.
Diego Vargas
Oct 25, 2011, 9:29:40 PM10/25/11
to meta...@googlegroups.com
Contracts Livio.. Very exciting work!
Reply all
Reply to author
Forward
0 new messages