19.1 Legacy Series / Re: Call for testing: New netmap enabled kernel
« on: February 07, 2019, 05:36:44 pm »
Installed the netmap enabled kernel, seems like it crashes elasticsearch in Sensei constantly. Though, the Sensei service itself is running perfectly. Could it be the case that Sensei is not adjusted yet? Seems I can't activate Sensei on the WAN port - which is a VLAN interface (my provider requires it).
EDIT: rebooted once more (second reboot after kernel installation) and now it seems to work as solid as before.
Good to hear that @jjanzz, any chance you retained some logs regarding the Elasticsearch issue? Might be a good idea to have a look at them. Normally it shouldn't affect ES.
With regard to Sensei, the only difference is that Sensei will be able to run on VLAN and virtio interfaces.
0.7 intentionally refuses to run on those interfaces, because with the old kernel it would just cause traffic flow to cease.
One other note regarding WAN interfaces: Sensei is designed to run on inner-looking interfaces. This is because this way, we can also do a mapping between userid and local ip. With WAN interfaces we lose this information (because we get packets after they're NAT'd).
Working on Sensei 0.8-beta1, which should arrive soon. This has virtio/VLAN enabled, so that you can fully enjoy the new functionality with the new kernel.
With Suricata, you can just start testing the new kernel on virtio / VLAN interfaces.
In our experience, virtio on QEMU/KVM gives better performance results compared to em.