Hello all,
Are any of you running Suricata with 10Gb throughput in intrusion prevention mode?
If yes:
How many rules are used?
What hardware is used? (CPU, NIC...)
Which OPNsense version is used in the setup?
Looks like classic CPUs are not able to process the traffic. FPGAs or Smart NICs should process the traffic. It will probably take a few more years until such hardware is widely available.
I never saw more than 3.5 Gbit, but I also didn't test against FreeBSD 13 yet.
I had wondered why firewall manufacturers like Sophos and Fortigate quote such high intrusion prevention throughput rates for their hardware.
It looks like they are using a co-processor for this task. It must be an FPGA. Or they cheat and create firewall rules dynamically and kill the state when the IDS sends an alert.
Napatech is already allowing Suricata offloading:
https://suricata.readthedocs.io/en/suricata-6.0.0/capture-hardware/napatech.html