Date:      Mon, 22 Sep 2014 17:12:11 +0200
From:      Elof Ofel <elofu17@hotmail.com>
To:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   How do I balance bandwidth over several virtual NICs?
Message-ID:  <DUB125-W13FDC584F5DF9881CF5FDEBCB30@phx.gbl>

I have a single NIC, mon0, that constantly receives 800 Mbps of mirrored traffic.
I want to split these 800 Mbps into smaller chunks and feed them to a couple of virtual interfaces.
Each virtual interface can then have an instance of 'snort' inspecting its traffic.

Say approximately 200 Mbps per interface = four interfaces.
That way, each of the four snort processes only gets 200 Mbps of data to inspect instead of having *one* single snort process (single-threaded) trying to cope with 800 Mbps.

(The problem I'm trying to solve is utilizing all CPUs. Currently one CPU runs snort at 100% while all the other CPUs idle.)


The important thing though is that all packets in the connection need to be diverted to the same virtual NIC. You can't send the SYN to NIC0 and the SYN-ACK to NIC1, 'cause then neither snort-process-0 nor snort-process-1 sees the other side of the connection.
The load balancing must be based on a hash built from at least the MAC addresses + IP addresses.


So, what I think I'm looking for is a way to configure a lagg0 interface in loadbalance mode, that takes all the incoming traffic on mon0 and distributes it over four virtual member NICs. (These four NICs would then probably be configured to run in monitor mode.)


Does FreeBSD support what I'm looking for? How do I do it? Where should I look?

/Elof
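
The constraint in the message (SYN and SYN-ACK must reach the same snort instance), as an added example that is not part of the original e-mail: a direction-independent hash over the MAC and IP address pairs. The function names, the CRC32 choice and the sample packets are assumptions constructed for illustration; the code does not reproduce any FreeBSD hashing code.

```python
import ipaddress
import zlib

N_SENSORS = 4  # four snort instances of ~200 Mbps each, as in the message


def endpoint_key(mac: str, ip: str) -> bytes:
    """Canonical bytes for one side of a conversation: MAC + IP."""
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    addr = ipaddress.ip_address(ip)  # accepts IPv4 and IPv6
    return mac_bytes + bytes([addr.version]) + addr.packed


def sensor_for(src_mac, src_ip, dst_mac, dst_ip, n=N_SENSORS) -> int:
    """Pick a sensor index; swapping src and dst gives the same index."""
    lo, hi = sorted((endpoint_key(src_mac, src_ip),
                     endpoint_key(dst_mac, dst_ip)))
    # Sorting removes direction before hashing, so SYN and SYN-ACK agree.
    return zlib.crc32(lo + hi) % n


def split_conversations(packets, n=N_SENSORS) -> int:
    """Count conversations whose packets would reach more than one sensor."""
    seen = {}
    for src_mac, src_ip, dst_mac, dst_ip in packets:
        pair = frozenset((endpoint_key(src_mac, src_ip),
                          endpoint_key(dst_mac, dst_ip)))
        seen.setdefault(pair, set()).add(
            sensor_for(src_mac, src_ip, dst_mac, dst_ip, n))
    return sum(1 for sensors in seen.values() if len(sensors) > 1)


# Constructed sample: SYN, SYN-ACK and ACK of one connection, plus one
# unrelated IPv6 packet (documentation address ranges).
CLIENT = ("02:00:00:00:00:01", "192.0.2.10")
SERVER = ("02:00:00:00:00:02", "198.51.100.20")
SAMPLE_PACKETS = [
    CLIENT + SERVER,   # SYN
    SERVER + CLIENT,   # SYN-ACK
    CLIENT + SERVER,   # ACK
    ("02:00:00:00:00:03", "2001:db8::1", "02:00:00:00:00:04", "2001:db8::2"),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "-> sensor", sensor_for(*pkt))
    print("split conversations:", split_conversations(SAMPLE_PACKETS))
```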