Topic: Hardware for 10GBE IPS questions (Read 1842 times)
seed « on: May 13, 2022, 11:52:46 am »
Hello all,
Are any of you running Suricata with 10Gb throughput in intrusion prevention mode?
If yes:
How many rules are used?
What hardware is used? (CPU, NIC...)
Which OPNsense version is used in the setup?
OPNsense on dedicated Hardware:
AMD Ryzen 7700
Asus TUF B650M-Plus
64GB DDR5 ECC
Intel i350-T4
Intel x710-DA2
private user, no business use
seed « Reply #1 on: May 26, 2022, 08:33:09 pm »
Looks like classic CPUs are not able to process the traffic. FPGAs or Smart NICs should process the traffic. It will probably take a few more years until such hardware is widely available.
mimugmail « Reply #2 on: May 26, 2022, 08:53:24 pm »
I never saw more than 3,5Gbit ... but I also didn't test against FreeBSD 13 yet.
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
seed « Reply #3 on: May 26, 2022, 09:58:10 pm »
I had wondered why firewall manufacturers like Sophos and Fortigate quote such high intrusion prevention throughput rates for their hardware.
It looks like they are using a coprocessor for this task. It must be an FPGA. Or they cheat and create firewall rules dynamically and kill the state when the IDS sends an alert.
Napatech is already allowing Suricata offloading:
https://suricata.readthedocs.io/en/suricata-6.0.0/capture-hardware/napatech.html
« Last Edit: May 26, 2022, 10:06:37 pm by seed »