Hey Cooper, Well RSS is a HW offload so I'm not sure how much can be done to "fix" this issue. That said with more resent drivers versions you can modify the RSS hash key and maybe try out the special "Random Secret Key" mentioned in the Suricata documentation. Likewise ATR may behave better for this setup as it attempt to localize traffic to the CPU the transmit was done on and since the queues are mapped 1-to-1 with the CPU's both sides of the should end up on the same queue assuming they are processed by the same thread. Might be worth trying?
Thanks, -Don Skidmore <donald.c.skidm...@intel.com> > -----Original Message----- > From: Cooper F. Nelson [mailto:cnel...@ucsd.edu] > Sent: Wednesday, November 16, 2016 3:30 PM > To: e1000-de...@lists.sf.net > Subject: [E1000-devel] Symmetric hashing for ixgbe driver? > > See subject. The lack of symmetric flow hashing in RSS implementations is > impacting the accuracy of IDS sensors (particularly those using bro and > suricata). Is there a roadmap for fixing this issue? > > More details at the link below: > > > http://suricata.readthedocs.io/en/latest/performance/packet-capture.ht > > ml > > -- > Cooper Nelson > Network Security Analyst > UCSD ITS Security Team > cnel...@ucsd.edu x41042 ------------------------------------------------------------------------------ _______________________________________________ E1000-devel mailing list E1000-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/e1000-devel To learn more about Intel® Ethernet, visit http://communities.intel.com/community/wired
