From: Elof Ofel
To: Nikolay Denev
Cc: "freebsd-net@freebsd.org"
Subject: RE: How do I balance bandwidth over several virtual NICs?
Date: Mon, 22 Sep 2014 21:06:06 +0200

Hi Nikolay.

Unfortunately no, that's not a solution.
mon0 could in theory be a bridge0 with four 10 GE interfaces = 40 Gbps theoretical input that needs to be distributed over multiple virtual NICs.
Also, I have no control of the mirrored traffic, so it would be hard for me to build and maintain bpf filters that try to roughly balance the bandwidth load.

Any other suggestions?

/Elof

> Date: Mon, 22 Sep 2014 18:45:28 +0200
> Subject: Re: How do I balance bandwidth over several virtual NICs?
> From: nike_d@cytexbg.com
> To: elofu17@hotmail.com
> CC: freebsd-net@freebsd.org
>
> On Mon, Sep 22, 2014 at 5:12 PM, Elof Ofel wrote:
> > I have a single NIC, mon0, that constantly receives 800 Mbps of mirrored traffic.
> > I want to split these 800 Mbps into smaller chunks and feed them to a couple of virtual interfaces.
> > Each virtual interface can then have an instance of 'snort' inspecting its traffic.
> >
> > Say approximately 200 Mbps per interface = four interfaces.
> > That way, each of the four snort processes only gets 200 Mbps of data to inspect instead of having *one* single snort process (single-threaded) trying to cope with 800 Mbps.
> >
> > (the problem I'm trying to solve is utilizing all CPUs. Currently one CPU runs snort at 100% while all the other CPUs idle.)
> >
> >
> > The important thing though is that all packets in the connection need to be diverted to the same virtual NIC. You can't send the SYN to NIC0 and the SYN-ACK to NIC1, 'cause then neither snort-process-0 nor snort-process-1 sees the other side of the connection.
> > The loadbalancing must be based on a hash built from at least the mac-addresses+IP-addresses.
> >
> >
> > So, what I think I'm looking for is a way to configure a lagg0 interface in loadbalance mode, that takes all the incoming traffic on mon0 and distributes it over four virtual member NICs. (these four NICs would then probably be configured to run in monitor mode.)
> >
> >
> > Does FreeBSD support what I'm looking for? How do I do it? Where should I look?
> >
> > /Elof
>
> Since this is below one Gig, would running separate snort processes on
> mon0 and using a BPF filter to split traffic work?
>
> --Nikolay
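
The requirement stated in the quoted question, that the SYN and the SYN-ACK of one connection reach the same snort instance, comes down to a direction-independent flow hash. The sketch below is an added example and not part of the original thread; `flow_key`, `worker_for` and `build_frame` are hypothetical names, the frames are constructed samples, and SHA-256 is used only for illustration (it is not what lagg(4) or any NIC computes).

```python
import hashlib
import socket
import struct

def flow_key(frame: bytes, use_ports: bool = False):
    """Direction-independent key for an Ethernet II / IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                      # VLAN, IPv6, ARP etc. not parsed here
    ihl = (frame[14] & 0x0F) * 4
    frag = struct.unpack("!H", frame[20:22])[0] & 0x3FFF   # MF bit + offset
    proto = frame[23]
    a, b = [frame[26:30], 0], [frame[30:34], 0]             # [address, port]
    l4 = 14 + ihl
    # Ports are read only from unfragmented TCP/UDP packets.
    if use_ports and proto in (6, 17) and not frag and len(frame) >= l4 + 4:
        a[1], b[1] = struct.unpack("!HH", frame[l4:l4 + 4])
    lo, hi = sorted([a, b])              # same order for both directions
    return lo[0] + hi[0] + struct.pack("!HHB", lo[1], hi[1], proto)

def worker_for(frame: bytes, n_workers: int = 4, use_ports: bool = False) -> int:
    """Index of the sensor instance that should receive this frame."""
    key = flow_key(frame, use_ports)
    if key is None:
        return 0                         # non-IPv4 goes to one fixed worker
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:4], "big") % n_workers

def build_frame(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed sample: minimal Ethernet + IPv4 + TCP ports (no checksums)."""
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + struct.pack("!HH", sport, dport)

if __name__ == "__main__":
    syn = build_frame("192.0.2.10", "198.51.100.5", 40000, 443)
    synack = build_frame("198.51.100.5", "192.0.2.10", 443, 40000)
    print(worker_for(syn), worker_for(synack))   # the same index twice
```

With `use_ports=True` the spread across workers is finer, but IP fragments are keyed without ports and so land apart from the unfragmented packets of their flow; the default keys on the address pair and protocol only.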