How do I balance bandwidth over several virtual NICs?

Luigi Rizzo rizzo at iet.unipi.it
Tue Sep 23 14:44:05 UTC 2014


On Tue, Sep 23, 2014 at 4:36 PM, Adrian Chadd <adrian at freebsd.org> wrote:

> On 23 September 2014 01:36, Alexander V. Chernikov <melifaro at freebsd.org>
> wrote:
> > On 22.09.2014 23:46, Adrian Chadd wrote:
> >> Hi,
> >>
> >> Yes.
> >>
> >> * grab an ixgbe NIC and the -HEAD driver; (or cxgbe - I haven't gone
> >> and written RSS programming code for that just yet);
> >> * patch it to use a symmetric RSS key;
> >> * configure up N queues;
> >> * run an instance of snort on each TX/RX ring from the NIC.
> > Oh, wow.
> > I have a low priority task to do that.
> > Nice to see this in stock fbsd!
> >
> >>
> >> The last step requires that you have snort use netmap rather than just
> >> straight bpf - or maybe somehow there's a way to glue bpf into a
> >> single netmap ring.
> > I've written snort netmap DAG once, but it does not play well w/o
> > symmetric rss.
> > I'll see if I can share it.
>
> That'd be great!
>
> I'll see if I can get -HEAD enabled with an optional symmetric RSS key.
>
> It shouldn't be too difficult. The problem is the current RSS setup
> uses the same key for all NICs.
> I _guess_ that isn't going to /really/ be a problem here - unless you
> really want your server to serve lots of traffic /and/ snort :)
>
> Then we just need a netmap enabled snort :)
>

From my (not first-hand) knowledge with IDSes, I believe
that the bottleneck is mostly the processing done in the
IDS, rather than the network I/O (provided it is
reasonably fast).

As a result, just running IDS instances on top
of a netmap-enabled libpcap (i.e. no source code
modifications) should do the job.

I know the Bro developers (in Bcc so they can pitch
in if they like) have been playing with some
external traffic demultiplexer that reads from the
NIC (in netmap mode) and passes traffic to IDS
instances using VALE ports or netmap pipes,
all of which are compatible with the netmap-libpcap.

In other words, even if the hardware cannot do rss
in a useful way, you should be able to do the
demux in software.

Of course, if you can put the hardware to work,
you should go for that.

cheers
luigi
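
Added example (not part of the original message, nor code from any FreeBSD driver or from snort/Bro): a Toeplitz RSS hash in C showing why a symmetric key matters for per-ring IDS instances, and usable as the hash in a software demultiplexer. It assumes the symmetric key is 0x6d5a repeated (the thread does not say which key would be used); the function names, the sample flow and the "hash modulo 4 rings" mapping are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Common default RSS key (the one in Microsoft's RSS verification data). */
static const uint8_t default_key[40] = {
    0x6d,0x5a,0x56,0xda,0x25,0x5b,0x0e,0xc2,0x41,0x67,0x25,0x3d,0x43,0xa3,
    0x8f,0xb0,0xd0,0xca,0x2b,0xcb,0xae,0x7b,0x30,0xb4,0x77,0xcb,0x2d,0xa3,
    0x80,0x30,0xf2,0x0c,0x6a,0x42,0xb7,0x3b,0xbe,0xac,0x01,0xfa };
/* Assumed symmetric key: 0x6d5a repeated, so the key has a 16-bit period. */
static const uint8_t symmetric_key[40] = {
    0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,
    0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,
    0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a };

/* Toeplitz: XOR together the 32-bit key window at each set input bit. */
static uint32_t toeplitz(const uint8_t *key, const uint8_t *in, int len)
{
    uint32_t hash = 0;
    uint32_t win = (uint32_t)key[0] << 24 | (uint32_t)key[1] << 16 |
                   (uint32_t)key[2] << 8 | key[3];
    for (int i = 0; i < len; i++)
        for (int b = 7; b >= 0; b--) {
            if (in[i] & (1u << b))
                hash ^= win;
            win = (win << 1) | ((key[i + 4] >> b) & 1u); /* slide one bit */
        }
    return hash;
}

/* Hash an IPv4 TCP/UDP 4-tuple in RSS input order: src, dst, sport, dport. */
static uint32_t flow_hash(const uint8_t *key, uint32_t src, uint32_t dst,
                          uint16_t sport, uint16_t dport)
{
    uint8_t in[12] = {
        (uint8_t)(src >> 24), (uint8_t)(src >> 16), (uint8_t)(src >> 8), (uint8_t)src,
        (uint8_t)(dst >> 24), (uint8_t)(dst >> 16), (uint8_t)(dst >> 8), (uint8_t)dst,
        (uint8_t)(sport >> 8), (uint8_t)sport, (uint8_t)(dport >> 8), (uint8_t)dport };
    return toeplitz(key, in, 12);
}

int main(void)
{
    uint32_t c = 0xC000020A, s = 0xC6336407; /* constructed: 192.0.2.10, 198.51.100.7 */
    printf("default key:   fwd ring %u, rev ring %u\n",
           flow_hash(default_key, c, s, 40000, 443) % 4, flow_hash(default_key, s, c, 443, 40000) % 4);
    printf("symmetric key: fwd ring %u, rev ring %u\n",
           flow_hash(symmetric_key, c, s, 40000, 443) % 4, flow_hash(symmetric_key, s, c, 443, 40000) % 4);
    return 0;
}
```

With the 16-bit periodic key, swapping source and destination moves each input bit by 32 (addresses) or 16 (ports) positions, which selects an identical key window, so both directions of a connection always reach the same IDS instance.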
