Hi Don, Thank you for the prompt reply. I can't see how ATR would work in a span/monitor case as we are only using RSS to capture/hash the flows. No TSS involved.
I read the 'random secret key' paper and they left out the details how to actually set the key. Can you point me to any docs that show how to set the hash key on a current ixgbe driver? This is the one I'm running on our kernel: > [182398.649391] ixgbe: Intel(R) 10 Gigabit PCI Express Network Driver - > version 4.4.0-k -Coop On 11/16/2016 3:59 PM, Skidmore, Donald C wrote: > Hey Cooper, > > Well RSS is a HW offload so I'm not sure how much can be done to > "fix" this issue. That said with more resent drivers versions you > can modify the RSS hash key and maybe try out the special "Random > Secret Key" mentioned in the Suricata documentation. Likewise ATR > may behave better for this setup as it attempt to localize traffic to > the CPU the transmit was done on and since the queues are mapped > 1-to-1 with the CPU's both sides of the should end up on the same > queue assuming they are processed by the same thread. Might be worth > trying? > > Thanks, -Don Skidmore <donald.c.skidm...@intel.com> > >> -----Original Message----- From: Cooper F. Nelson >> [mailto:cnel...@ucsd.edu] Sent: Wednesday, November 16, 2016 3:30 >> PM To: e1000-de...@lists.sf.net Subject: [E1000-devel] Symmetric >> hashing for ixgbe driver? >> >> See subject. The lack of symmetric flow hashing in RSS >> implementations is impacting the accuracy of IDS sensors >> (particularly those using bro and suricata). Is there a roadmap >> for fixing this issue? >> >> More details at the link below: >> >>> http://suricata.readthedocs.io/en/latest/performance/packet-capture.ht >>> >>> ml >> >> -- Cooper Nelson Network Security Analyst UCSD ITS Security Team >> cnel...@ucsd.edu x41042 > -- Cooper Nelson Network Security Analyst UCSD ITS Security Team cnel...@ucsd.edu x41042
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ E1000-devel mailing list E1000-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/e1000-devel To learn more about Intel® Ethernet, visit http://communities.intel.com/community/wired
