On 2013-04-05 19:31, Alfredo Cardigliano wrote:
Hi Michal
could you try to reproduce this issue with latest pf_ring from svn?
Interesting, the box has been running for half an hour with over 2.5Gbits of
traffic now, split between two interfaces (300Mbits+ and 2Gbits+).
That's around 300kpps.
If it works, I owe you a beer :-)
BTW - with that level of traffic (and more to come, but I will have more
hardware as well) is my poor 16GB RAM enough?
Also, what about CPU? I'm running it on 2 x E2620 @ 2.0GHz with HT enabled.
Thank you
Alfredo
On Apr 5, 2013, at 5:57 PM, Michal Purzynski <[email protected]> wrote:
Hi,
I'm building a full packet capture IDS setup, using Security Onion (hence
pf_ring).
Every time I start snort I get a long kernel stack trace and a kernel panic -
literally in seconds.
The full panic capture is here: http://pastebin.com/sgLMrr49
Details:
It's a HP 360 G8 server with dual CPUs (12 cores), HT enabled, 16 GB of RAM
running Ubuntu 12.04. The system is updated, kernel 3.2.0-39-generic.
pf_ring version 5.5.2
NICs - two Intel X520-1 (82599EB chipset).
Traffic (more or less) - eth4 250Mbit/sec, 50Kpps. eth5 2Gbit/sec and 250Kpps.
The traffic is mirrored from a load balancers.
The same result is with distribution bundled drivers and hand-built 3.14.5
loaded with LRO=0
Ethtool options are:
rx 4096
rx, tx, sg, tso, ufo, gso, lro - off
What's interesting - I've once tried running the kernel as UP (nosmp option
during boot) and the system was stable (and crawling).
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc