From: shashi (shashi.boddula_at_oracle.com)
Date: Thu Jul 20 2006 - 15:01:31 CEST
Message-ID: <44BF7EAB.2000005@oracle.com> Date: Thu, 20 Jul 2006 18:31:31 +0530 From: shashi <shashi.boddula@oracle.com> Subject: Re: [suse-sles-e] Does tg3 support NAPI? (tuning for packet capture)
Does SLES9's Snort Version 2.3.2 supports snort-inline (IPS) ?
Alexei_Roudnev wrote:
> I should not bother too much, if server is dedicated and is relatively new.
> New Xeon based (for example) servers with
> simple Intel 1Gbit ethernte interface (embedded NICs on DELL 2850) can
> handle 100% of the 1Gbit traffic using normal TCP/IP stack, except if
> average package size is very small.
>
> There are 2 limitations in reality:
> - # of packets/second which can be processed by the server - looks as it is
> about 10 ,000 - 20,000 packets/server, even more if server is dedicated
> - total data bandwidth limited by PCI bus - looks as it is about 150
> MB/second for embedded NIC's (total on the server), or something like this.
>
> So, if you
> - are not VoIP provider
> - don't use more that 2 - 4 1Gbit NIC's on the server
> - have all server dedicated to your task
> should not expect problems.
>
>
>
> ----- Original Message -----
> From: "Steven L. Kohrs" <skohrs@opensourceexperts.com>
> To: <suse-sles-e@suse.com>
> Sent: Wednesday, July 19, 2006 10:16 AM
> Subject: [suse-sles-e] Does tg3 support NAPI? (tuning for packet capture)
>
>
>> I am trying to tune a SLES 9 server for use as a snort-inline intrusion
>> prevention system (IPS). I've read that NAPI support greatly increases
>> packet throughput. Currently, the server has Broadcom NICs that are
>> using the tg3 driver. The following shows NAPI support has been
>> compiled into the kernel, but I don't see anything that mentions tg3 (or
>> bcm5700):
>>
>> zcat /proc/config.gz | grep -i napi
>>
>> CONFIG_TULIP_NAPI=y
>> CONFIG_TULIP_NAPI_HW_MITIGATION=y
>> CONFIG_ADAPTEC_STARFIRE_NAPI=y
>> CONFIG_E100_NAPI=y
>> CONFIG_E1000_NAPI=y
>> CONFIG_IXGB_NAPI=y
>> CONFIG_S2IO_NAPI=y
>>
>> Google is starting to suck with all the irrelevant information it
>> returns, even with narrowing the search down to specific sites and
>> languages.
>>
>> Has anyone tried to tune SLES 9 for maximum packet throughput/capture
>> performance? Am I one the right track or way off?
>>
>>
>> The good news is, we've ordered an Adlink PCI-8246 NIC (for its bypass
>> capability) which is based on an Intel chipset. This should use the
>> e1000 driver and give us better tuning parameters.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: suse-sles-e-unsubscribe@suse.com
>> For additional commands, e-mail: suse-sles-e-help@suse.com
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-sles-e-unsubscribe@suse.com
> For additional commands, e-mail: suse-sles-e-help@suse.com
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-sles-e-unsubscribe@suse.com
For additional commands, e-mail: suse-sles-e-help@suse.com
This archive was generated by hypermail 2.1.7 : Thu Jul 20 2006 - 15:01:37 CEST