From owner-freebsd-net@FreeBSD.ORG Mon Sep 22 19:46:03 2014
Subject: Re: How do I balance bandwidth over several virtual NICs?
From: Adrian Chadd
To: Elof Ofel
Cc: "freebsd-net@freebsd.org"
Date: Mon, 22 Sep 2014 12:46:01 -0700
List-Id: Networking and TCP/IP with FreeBSD

Hi,

Yes.

* grab an ixgbe NIC and the -HEAD driver (or cxgbe - I haven't gone and written RSS programming code for that just yet);
* patch it to use a symmetric RSS key;
* configure up N queues;
* run an instance of snort on each TX/RX ring from the NIC.

The last step requires that you have snort use netmap rather than just straight bpf - or maybe somehow there's a way to glue bpf into a single netmap ring.

I haven't wrapped all of this up and thrown it into FreeBSD-HEAD yet, but I know that a symmetric RSS key works fine on 82599 hardware with a fixed driver.

-a

On 22 September 2014 12:06, Elof Ofel wrote:
> Hi Nikolay.
>
> Unfortunately no, that's not a solution.
> mon0 could in theory be a bridge0 with four 10 GE interfaces = 40 Gbps theoretical input that needs to be distributed over multiple virtual NICs. Also, I have no control of the mirrored traffic, so it would be hard for me to build and maintain bpf filters that try to roughly balance the bandwidth load.
>
> Any other suggestions?
>
> /Elof
>
>> Date: Mon, 22 Sep 2014 18:45:28 +0200
>> Subject: Re: How do I balance bandwidth over several virtual NICs?
>> From: nike_d@cytexbg.com
>> To: elofu17@hotmail.com
>> CC: freebsd-net@freebsd.org
>>
>> On Mon, Sep 22, 2014 at 5:12 PM, Elof Ofel wrote:
>> > I have a single NIC, mon0, that constantly receives 800 Mbps of mirrored traffic.
>> > I want to split these 800 Mbps into smaller chunks and feed them to a couple of virtual interfaces.
>> > Each virtual interface can then have an instance of 'snort' inspecting its traffic.
>> >
>> > Say approximately 200 Mbps per interface = four interfaces.
>> > That way, each of the four snort processes only gets 200 Mbps of data to inspect instead of having *one* single snort process (single-threaded) trying to cope with 800 Mbps.
>> >
>> > (the problem I'm trying to solve is utilizing all CPUs. Currently one CPU runs snort at 100% while all the other CPUs idle.)
>> >
>> >
>> > The important thing though is that all packets in the connection need to be diverted to the same virtual NIC. You can't send the SYN to NIC0 and the SYN-ACK to NIC1, 'cause then neither snort-process-0 nor snort-process-1 sees the other side of the connection.
>> > The load balancing must be based on a hash built from at least the MAC addresses + IP addresses.
>> >
>> >
>> > So, what I think I'm looking for is a way to configure a lagg0 interface in loadbalance mode, that takes all the incoming traffic on mon0 and distributes it over four virtual member NICs. (these four NICs would then probably be configured to run in monitor mode.)
>> >
>> >
>> > Does FreeBSD support what I'm looking for? How do I do it? Where should I look?
>> >
>> > /Elof
>> >
>> > _______________________________________________
>> > freebsd-net@freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>> Since this is below one Gig, would running separate snort processes on
>> mon0 and using a BPF filter to split traffic work?
>>
>> --Nikolay
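The reason Adrian's recipe needs a *symmetric* RSS key, and the reason Elof's "SYN on NIC0, SYN-ACK on NIC1" worry is real with the default key, comes down to how the Toeplitz hash in the NIC treats the 4-tuple. The C below is an added worked example, not code from the thread, from Adrian, or from the FreeBSD ixgbe driver. It implements the RSS Toeplitz hash as the Microsoft RSS spec defines it, hashes a flow in both directions under two keys, and shows that only the repeating 0x6d5a key (Woo and Kim's symmetric key; the thread names no specific key, so treating it as "the" symmetric key is an assumption) sends both directions to the same ring. Queue selection by the low bits of the hash is also an assumption: a real 82599 goes through a redirection table, but if that table maps entry i to ring i mod N the outcome is the same. The sample flows are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Pack an IPv4 address into a host-order uint32_t (usable in initializers). */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Microsoft's published 40-byte RSS verification key: a good spreading key,
 * but the two directions of one flow hash differently in general. */
static const uint8_t rss_key_msft[40] = {
    0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2, 0x41, 0x67,
    0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0, 0xd0, 0xca, 0x2b, 0xcb,
    0xae, 0x7b, 0x30, 0xb4, 0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30,
    0xf2, 0x0c, 0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa,
};

/* Repeating 0x6d5a key (Woo & Kim, symmetric RSS). Assumed here to be the
 * kind of key the thread means by "symmetric RSS key"; it names none. */
static const uint8_t rss_key_sym[40] = {
    0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a,
    0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a,
    0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a,
    0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a,
};

/* Host-order 4-tuple of an IPv4 TCP/UDP flow. */
struct flow4 { uint32_t saddr, daddr; uint16_t sport, dport; };

/* RSS Toeplitz hash: for every set bit t of the input, XOR in the 32-bit
 * window of the key that starts at key bit t (MSB first). The key must be
 * at least four bytes longer than the input. */
uint32_t toeplitz_hash(const uint8_t *key, size_t keylen,
                       const uint8_t *data, size_t datalen)
{
    uint32_t hash = 0, window;
    size_t t, next;

    if (keylen < datalen + 4)
        return 0;
    window = ((uint32_t)key[0] << 24) | ((uint32_t)key[1] << 16) |
             ((uint32_t)key[2] << 8) | key[3];
    for (t = 0; t < datalen * 8; t++) {
        if (data[t / 8] & (0x80u >> (t % 8)))
            hash ^= window;
        next = t + 32;                       /* slide window one key bit */
        window = (window << 1) | ((key[next / 8] >> (7 - next % 8)) & 1u);
    }
    return hash;
}

/* RSS input for IPv4 + TCP/UDP: src IP, dst IP, src port, dst port,
 * network byte order, 12 bytes. */
uint32_t rss_hash_tcp4(const uint8_t *key, size_t keylen, const struct flow4 *f)
{
    uint8_t in[12] = {
        (uint8_t)(f->saddr >> 24), (uint8_t)(f->saddr >> 16),
        (uint8_t)(f->saddr >> 8),  (uint8_t)f->saddr,
        (uint8_t)(f->daddr >> 24), (uint8_t)(f->daddr >> 16),
        (uint8_t)(f->daddr >> 8),  (uint8_t)f->daddr,
        (uint8_t)(f->sport >> 8),  (uint8_t)f->sport,
        (uint8_t)(f->dport >> 8),  (uint8_t)f->dport,
    };
    return toeplitz_hash(key, keylen, in, sizeof in);
}

/* Assumed ring choice: low bits of the hash; nqueues must be a power of two. */
uint32_t rss_queue(uint32_t hash, uint32_t nqueues) { return hash & (nqueues - 1); }

struct flow4 flow4_reverse(const struct flow4 *f)
{
    struct flow4 r = { f->daddr, f->saddr, f->dport, f->sport };
    return r;
}

/* 1 if SYN and SYN-ACK of f get the same hash (hence the same ring), else 0. */
int directions_share_hash(const uint8_t *key, size_t keylen, const struct flow4 *f)
{
    struct flow4 r = flow4_reverse(f);
    return rss_hash_tcp4(key, keylen, f) == rss_hash_tcp4(key, keylen, &r);
}

/* Sufficient condition for symmetry on the IPv4/TCP tuple: a key that repeats
 * every 16 bits gives identical windows 16 and 32 bits apart, exactly the
 * distances between the two ports and between the two addresses. */
int rss_key_is_symmetric(const uint8_t *key, size_t keylen)
{
    size_t i;
    if (keylen < 16) return 0;
    for (i = 0; i + 2 < keylen; i++)
        if (key[i] != key[i + 2]) return 0;
    return 1;
}

/* Constructed sample flows (not from the thread). neighbour_flow uses the same
 * port both ways so the two directions differ in a single address bit. */
static const struct flow4 sample_flow = { IP4(10, 1, 2, 3), IP4(203, 0, 113, 9), 51234, 443 };
static const struct flow4 neighbour_flow = { IP4(192, 168, 1, 10), IP4(192, 168, 1, 11), 80, 80 };

int main(void)
{
    struct flow4 r = flow4_reverse(&sample_flow);
    printf("msft key: fwd ring %u, rev ring %u\n",
           rss_queue(rss_hash_tcp4(rss_key_msft, 40, &sample_flow), 4),
           rss_queue(rss_hash_tcp4(rss_key_msft, 40, &r), 4));
    printf("sym  key: fwd ring %u, rev ring %u\n",
           rss_queue(rss_hash_tcp4(rss_key_sym, 40, &sample_flow), 4),
           rss_queue(rss_hash_tcp4(rss_key_sym, 40, &r), 4));
    return 0;
}
```

Two caveats for anyone building this. First, the symmetry only covers fields the NIC actually hashes: with RSS hashing enabled for TCP (and UDP, if the driver turns it on) the 4-tuple is used, and non-TCP/UDP packets and fragments are hashed on addresses alone, which is symmetric under the same key. Second, because every window of the repeating key is one of only sixteen distinct 32-bit vectors, the hash takes at most 2^16 distinct values instead of 2^32; spreading over a handful of rings is still fine, but an adversary who controls the 4-tuples sees a smaller space to search when trying to pile traffic onto one snort instance.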