On Apr 5, 2013, at 8:49 PM, Michal Purzynski <[email protected]> wrote:
> On 2013-04-05 19:31, Alfredo Cardigliano wrote: >> Hi Michal >> could you try to reproduce this issue with latest pf_ring from svn? > > Interesting, the box is running from half an hour with over 2.5Gbits of > traffic now, split between two interfaces (300Mbits+ and 2Gbits+). That's > around 300kpps. > > If it works, I own you a beer :-) :-) Let me know if the bug appears again. > > BTW - with that level of traffic (and more to come, but I will have more > hardware as well) is my poor 16GB RAM enough? pf_ring itself uses a constant amount of memory, you should ask the snort guys. > > Also, what about CPU? I'm running it on 2 x E2620 @ 2.0Ghz with HT enabled. Same as above, however I think it's good enough for your traffic. Best Regards Alfredo > >> >> Thank you >> Alfredo >> >> On Apr 5, 2013, at 5:57 PM, Michal Purzynski <[email protected]> wrote: >> >>> Hi, >>> >>> I'm building a full packet capture IDS setup, using Security Onion (hence >>> pf_ring). >>> >>> Every time I start snort I get a long kernel stack trace and a kernel panic >>> - literally in seconds. >>> >>> The full panic capture is here: http://pastebin.com/sgLMrr49 >>> >>> Details: >>> >>> It's a HP 360 G8 server with dual CPUs (12 cores), HT enabled, 16 GB of RAM >>> running Ubuntu 12.04. The system is updated, kernel 3.2.0-39-generic. >>> >>> pf_ring version 5.5.2 >>> >>> NICs - two Intel X520-1 (82599EB chipset). >>> >>> Traffic (more or less) - eth4 250Mbit/sec, 50Kpps. eth5 2Gbit/sec and >>> 250Kpps. >>> >>> The traffic is mirrored from a load balancers. >>> >>> The same result is with distribution bundled drivers and hand build 3.14.5 >>> loaded with LRO=0 >>> >>> Ethtool options are: >>> >>> rx 4096 >>> >>> rx, tx, sg, tso, ufo, gso, lro - off >>> >>> What's interesting - I've once tried running the kernel as UP (nosmp >>> option during boot) and the system was stable (and crawling). >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
