Hey Cooper, Well RSS is a HW offload so I'm not sure how much can be done to "fix" this issue. That said with more resent drivers versions you can modify the RSS hash key and maybe try out the special "Random Secret Key" mentioned in the Suricata documentation. Likewise ATR may behave better for this setup as it attempt to localize traffic to the CPU the transmit was done on and since the queues are mapped 1-to-1 with the CPU's both sides of the should end up on the same queue assuming they are processed by the same thread. Might be worth trying?
Thanks, -Don Skidmore <[email protected]> > -----Original Message----- > From: Cooper F. Nelson [mailto:[email protected]] > Sent: Wednesday, November 16, 2016 3:30 PM > To: [email protected] > Subject: [E1000-devel] Symmetric hashing for ixgbe driver? > > See subject. The lack of symmetric flow hashing in RSS implementations is > impacting the accuracy of IDS sensors (particularly those using bro and > suricata). Is there a roadmap for fixing this issue? > > More details at the link below: > > > http://suricata.readthedocs.io/en/latest/performance/packet-capture.ht > > ml > > -- > Cooper Nelson > Network Security Analyst > UCSD ITS Security Team > [email protected] x41042 ------------------------------------------------------------------------------ _______________________________________________ E1000-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/e1000-devel To learn more about Intel® Ethernet, visit http://communities.intel.com/community/wired
