
Re: [Snort-users] IPtables QUEUE performance numbers from Ixia

Subject: Re: [Snort-users] IPtables QUEUE performance numbers from Ixia
Date: Thu, 25 Aug 2005 13:43:59 -0600
Forgot to mention that the QUEUE stuff is an L2 bridge whereas the
Divert stuff is all NAT'ed because bridging support isn't done yet /
won't be done for Divert.  So those numbers should increase due to the
inherent overhead of NAT if it were capable of bridging.
-brad


Brad Doctor wrote:

Will Metcalf asked if anyone had done this sort of testing.

The server is a dual Opteron 875 dual-core (2.2GHz, 1Mb L2), Tyan
S2895KWE (2 x16 full-speed PCIE).  Two SysKonnect PCI-E NICs, the
SK-9E22.  One RAID-0 disk subsystem (hdparm -t reports 105MB on
average), memory is crucial, whatever the max speed memory for this
thing is.

Kernel is 2.6.11.10 and/or 2.6.12.3 -- no differences in performance.

The software is Ixia ixChariot, the endpoints are very fast devices
that will sustain 980Mbps bridged through this box all day long with
very little variation.

So, some numbers:

IPtables QUEUE, full ruleset of about 2700 or so - no PCRE:

TPUT:
Avg: 273.299
Min: 270.270
Max: 275.862

IPtables QUEUE, zero ruleset of 0 rules:

TPUT:
Avg: 388.389
Min: 284.698
Max: 400.00

One other thing that is kind of not progressing any more due to the
NFQUEUE work being done for future kernels is the divert sockets for
linux (http://sourceforge.net/projects/ipdivert).  Some numbers from that:

DIVERT, full ruleset of about 2700 or so - no PCRE (same as above, in
fact same binary as above):

TPUT:
Avg: 312.940
Min: 162.602
Max: 331.95

DIVERT, no rules:

TPUT:
Avg: 414.910
Min: 139.130
Max: 484.849


Hope this helps - let me know if you have any questions or need more information. Happy to provide.

-brad
--
Brad Doctor, CISSP
Director, Security Research
Stillsecure

303-381-3807 Direct
303-381-3881 Fax

www.stillsecure.com <http://www.stillsecure.com>
/Reducing your risk has never been this easy/
. . .
/The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer. /





Attachment: signature.asc
Description: OpenPGP digital signature
