Date: Mon, 22 Sep 2014 21:06:06 +0200
From: Elof Ofel <elofu17@hotmail.com>
To: Nikolay Denev <nike_d@cytexbg.com>
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: RE: How do I balance bandwidth over several virtual NICs?
Message-ID: <DUB125-W851F972702452D9809C8E5BCB30@phx.gbl>
In-Reply-To: <CA%2BP_MZGA_uz_H_QsB%2BdgXEgbXNCjv7w-OToKby=ww%2BvKgnU4_Q@mail.gmail.com>
References: <DUB125-W13FDC584F5DF9881CF5FDEBCB30@phx.gbl>, <CA%2BP_MZGA_uz_H_QsB%2BdgXEgbXNCjv7w-OToKby=ww%2BvKgnU4_Q@mail.gmail.com>

Hi Nikolay.

Unfortunately no, that's not a solution.
mon0 could in theory be a bridge0 with four 10 GE interfaces = 40 Gbps theoretical input that needs to be distributed over multiple virtual NICs.
Also, I have no control of the mirrored traffic, so it would be hard for me to build and maintain bpf filters that try to roughly balance the bandwidth load.

Any other suggestions?

/Elof

> Date: Mon, 22 Sep 2014 18:45:28 +0200
> Subject: Re: How do I balance bandwidth over several virtual NICs?
> From: nike_d@cytexbg.com
> To: elofu17@hotmail.com
> CC: freebsd-net@freebsd.org
>
> On Mon, Sep 22, 2014 at 5:12 PM, Elof Ofel <elofu17@hotmail.com> wrote:
> > I have a single NIC, mon0, that constantly receives 800 Mbps of mirrored traffic.
> > I want to split these 800 Mbps into smaller chunks and feed them to a couple of virtual interfaces.
> > Each virtual interface can then have an instance of 'snort' inspecting its traffic.
> >
> > Say approximately 200 Mbps per interface = four interfaces.
> > That way, each of the four snort processes only gets 200 Mbps of data to inspect instead of having *one* single snort process (single-threaded) trying to cope with 800 Mbps.
> >
> > (the problem I'm trying to solve is utilizing all CPUs. Currently one CPU runs snort at 100% while all the other CPUs idle.)
> >
> >
> > The important thing though is that all packets in the connection need to be diverted to the same virtual NIC. You can't send the SYN to NIC0 and the SYN-ACK to NIC1, 'cause then neither snort-process-0 nor snort-process-1 sees the other side of the connection.
> > The loadbalancing must be based on a hash built from at least the mac-addresses+IP-addresses.
> >
> >
> > So, what I think I'm looking for is a way to configure a lagg0 interface in loadbalance mode, that takes all the incoming traffic on mon0 and distributes it over four virtual member NICs.
> > (these four NICs would then probably be configured to run in monitor mode.)
> >
> >
> > Does FreeBSD support what I'm looking for? How do I do it? Where should I look?
> >
> > /Elof
>
> Since this is below one Gig, would running separate snort processes on
> mon0 and using a BPF filter to split traffic work?
>
> --Nikolay
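
The requirement stated in the quoted message (the SYN and the SYN-ACK of one connection must reach the same snort instance) comes down to a hash that gives the same result for both directions of a flow. The following is an added example, not part of the original thread and not FreeBSD code; the `struct flow` layout, the `flow_bucket` name, the choice of FNV-1a and the sample addresses are assumptions, and it keys on IPv4 addresses and ports rather than the MAC and IP addresses named in the mail.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical flow key: IPv4 addresses and TCP/UDP ports, host byte order. */
struct flow {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
};

/* FNV-1a over a byte buffer, continuing from hash state h. */
static uint32_t fnv1a(uint32_t h, const void *buf, size_t len)
{
    const uint8_t *p = buf;
    while (len--) {
        h ^= *p++;
        h *= 16777619u;
    }
    return h;
}

/*
 * Direction-independent bucket choice: order the two endpoints before
 * hashing, so A->B and B->A produce the same key and the same bucket.
 */
unsigned flow_bucket(const struct flow *f, unsigned nbuckets)
{
    uint64_t a = ((uint64_t)f->src_ip << 16) | f->src_port;
    uint64_t b = ((uint64_t)f->dst_ip << 16) | f->dst_port;
    uint64_t lo = a < b ? a : b;
    uint64_t hi = a < b ? b : a;
    uint32_t h = 2166136261u;

    h = fnv1a(h, &lo, sizeof lo);
    h = fnv1a(h, &hi, sizeof hi);
    return h % nbuckets;
}

int main(void)
{
    /* Constructed sample: one TCP connection seen in both directions. */
    struct flow syn     = { 0xC0A80101u, 0x0A000005u, 49152, 443 };
    struct flow syn_ack = { 0x0A000005u, 0xC0A80101u, 443, 49152 };

    printf("SYN     -> snort instance %u\n", flow_bucket(&syn, 4));
    printf("SYN-ACK -> snort instance %u\n", flow_bucket(&syn_ack, 4));
    return 0;
}
```

A hash that feeds source and destination in packet order would not have this property, which is the failure the quoted message describes.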