Hi!
I searching for a while to find the issue in my home network what is limitating the throughput.
But now its clear. Its Surricata.
My Setup is a SuperMicro Board with C2750.
If I enable Surricata with IPS I can only get 100mbit throughput, but if I disable it, I am near 1 Gig (Arround 780mbit).
So what can I do to optimize the throughput?
My current setup looks like this:
[X] Disable hardware checksum offload
[X] Disable hardware TCP segmentation offload
[X] Disable hardware large receive offload
Disable VLAN Hardware Filtering.
I have only one interface for my local network with 10 VLANs.
IPS-Settings:
Interfaces: LAN, WAN (thats my physical interfaces)
Pattern matcher: Hyperscan
Promiscuous mode: "not checked"
Home networks: LAN-Adresses, WAN-Adress
Thanks for your help!
kind regards
Home-Network WAN Address is probably wrong.
Are you sure?
Thats the guide from this forum, and as expected many use this setup.
Just for information, I restartet suricata and get now 80 MB/s whats better then before.
And I found something interessting in the log:
"Out of memory" or something like that, I didn't have it in the log anymore.
What is this?
The memory consumation is minimal of my opnsense instanz.