Date:      Mon, 22 Sep 2014 12:46:01 -0700
From:      Adrian Chadd <adrian@freebsd.org>
To:        Elof Ofel <elofu17@hotmail.com>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: How do I balance bandwidth over several virtual NICs?
Message-ID:  <CAJ-Vmo=NGGkOkPWQKZ=3gA3vYYyM2kcjd3m85ymdJY3q4ixxLw@mail.gmail.com>
In-Reply-To: <DUB125-W851F972702452D9809C8E5BCB30@phx.gbl>
References:  <DUB125-W13FDC584F5DF9881CF5FDEBCB30@phx.gbl> <CA%2BP_MZGA_uz_H_QsB%2BdgXEgbXNCjv7w-OToKby=ww%2BvKgnU4_Q@mail.gmail.com> <DUB125-W851F972702452D9809C8E5BCB30@phx.gbl>

Hi,

Yes.

* grab an ixgbe NIC and the -HEAD driver; (or cxgbe - I haven't gone
and written RSS programming code for that just yet);
* patch it to use a symmetric RSS key;
* configure up N queues;
* run an instance of snort on each TX/RX ring from the NIC.

The last step requires that you have snort use netmap rather than just
straight bpf - or maybe somehow there's a way to glue bpf into a
single netmap ring.

I haven't wrapped all of this up and thrown it into FreeBSD-HEAD yet,
but I know that a symmetric RSS key works fine on 82599 hardware with
a fixed driver.


-a


On 22 September 2014 12:06, Elof Ofel <elofu17@hotmail.com> wrote:
> Hi Nikolay.
>
> Unfortunately no, that's not a solution.
> mon0 could in theory be a bridge0 with four 10 GE interfaces = 40 Gbps
> theoretical input that needs to be distributed over multiple virtual NICs.
> Also, I have no control of the mirrored traffic, so it would be hard for me
> to build and maintain bpf filters that try to roughly balance the bandwidth
> load.
>
> Any other suggestions?
>
> /Elof
>
>> Date: Mon, 22 Sep 2014 18:45:28 +0200
>> Subject: Re: How do I balance bandwidth over several virtual NICs?
>> From: nike_d@cytexbg.com
>> To: elofu17@hotmail.com
>> CC: freebsd-net@freebsd.org
>>
>> On Mon, Sep 22, 2014 at 5:12 PM, Elof Ofel <elofu17@hotmail.com> wrote:
>> > I have a single NIC, mon0, that constantly receives 800 Mbps of
>> > mirrored traffic.
>> > I want to split these 800 Mbps into smaller chunks and feed them to a
>> > couple of virtual interfaces.
>> > Each virtual interface can then have an instance of 'snort' inspecting
>> > its traffic.
>> >
>> > Say approximately 200 Mbps per interface = four interfaces.
>> > That way, each of the four snort processes only gets 200 Mbps of data
>> > to inspect instead of having *one* single snort process
>> > (single-threaded) trying to cope with 800 Mbps.
>> >
>> > (the problem I'm trying to solve is utilizing all CPUs. Currently one
>> > CPU runs snort at 100% while all the other CPUs idle.)
>> >
>> >
>> > The important thing though is that all packets in the connection need
>> > to be diverted to the same virtual NIC. You can't send the SYN to NIC0
>> > and the SYN-ACK to NIC1, 'cause then neither snort-process-0 nor
>> > snort-process-1 sees the other side of the connection.
>> > The load balancing must be based on a hash built from at least the
>> > mac-addresses+IP-addresses.
>> >
>> >
>> > So, what I think I'm looking for is a way to configure a lagg0
>> > interface in loadbalance mode, that takes all the incoming traffic on
>> > mon0 and distributes it over four virtual member NICs. (these four NICs
>> > would then probably be configured to run in monitor mode.)
>> >
>> >
>> > Does FreeBSD support what I'm looking for? How do I do it? Where should
>> > I look?
>> >
>> > /Elof
>> >
>> > _______________________________________________
>> > freebsd-net@freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>> Since this is below one Gig, would running separate snort processes on
>> mon0 and using a BPF filter to split traffic work?
>>
>> --Nikolay
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
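
Why a symmetric RSS key keeps both directions of a connection on the same ring, so each snort instance sees the SYN and the SYN-ACK: an added example, not part of the original thread and not the FreeBSD driver's code. It computes the Toeplitz hash that RSS uses over a constructed sample flow; the symmetric key value (0x6d5a repeated) is an assumption, since the message does not say which key was used, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#define KEYLEN 40

/* Default key from Microsoft's RSS verification suite: not symmetric. */
static const uint8_t default_key[KEYLEN] = {
    0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2, 0x41, 0x67,
    0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0, 0xd0, 0xca, 0x2b, 0xcb,
    0xae, 0x7b, 0x30, 0xb4, 0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30,
    0xf2, 0x0c, 0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa };

/* Assumed symmetric key: 0x6d5a repeated, so key windows recur every 16 bits. */
static void symmetric_key(uint8_t key[KEYLEN]) {
    for (int i = 0; i < KEYLEN; i++) key[i] = (i & 1) ? 0x5a : 0x6d;
}

/* Toeplitz hash: each set input bit (MSB first) XORs in the 32-bit key
 * window that starts at that bit's offset. Requires len + 4 <= KEYLEN. */
static uint32_t toeplitz(const uint8_t *key, const uint8_t *data, size_t len) {
    uint32_t hash = 0, win = (uint32_t)key[0] << 24 | (uint32_t)key[1] << 16 |
                             (uint32_t)key[2] << 8 | key[3];
    for (size_t i = 0; i < len; i++)
        for (int b = 7; b >= 0; b--) {
            if (data[i] >> b & 1) hash ^= win;
            win = win << 1 | (key[i + 4] >> b & 1);  /* slide window one bit */
        }
    return hash;
}

/* IPv4/TCP hash input: src addr, dst addr, src port, dst port, network order. */
static uint32_t flow_hash(const uint8_t *key, const uint8_t src[4], uint16_t sport,
                          const uint8_t dst[4], uint16_t dport) {
    uint8_t in[12] = { src[0], src[1], src[2], src[3], dst[0], dst[1], dst[2], dst[3],
                       (uint8_t)(sport >> 8), (uint8_t)sport,
                       (uint8_t)(dport >> 8), (uint8_t)dport };
    return toeplitz(key, in, sizeof in);
}

/* Constructed sample flow: 192.0.2.10:49152 <-> 198.51.100.7:443.
 * Returns 1 when both directions hash alike, i.e. land on the same ring. */
static int directions_match(const uint8_t *key) {
    const uint8_t c[4] = { 192, 0, 2, 10 }, s[4] = { 198, 51, 100, 7 };
    return flow_hash(key, c, 49152, s, 443) == flow_hash(key, s, 443, c, 49152);
}
int main(void) {
    uint8_t sym[KEYLEN];
    symmetric_key(sym);
    printf("match: default=%d symmetric=%d\n", directions_match(default_key), directions_match(sym));
    return 0;
}
```

Swapping source and destination moves the addresses by 32 bits and the ports by 16 bits in the hash input, so a key with a 16-bit period gives the same result either way.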


