Suricata only using one WCPU for working thread?

Started by Mitzsch, April 05, 2021, 10:35:37 AM

April 05, 2021, 10:35:37 AM Last Edit: April 05, 2021, 10:37:25 AM by Mitzsch
Hello everyone,

I have a problem with my Suricata config. I installed OPNsense 21.1.4 on my Dell R330 (E3 1230 v5 - 16 GB RAM - X710) and set up Suricata. After running an iperf test I was "only" seeing a throughput of about 1.8 Gbps and a Suricata CPU utilization of about 135%, but with top -aSH I could see one Suricata process with WCPU pegged at 100%. The process had a {W#01-ixl1} at the end (Working thread?); a second process with {W#01-ixl1^} was only using 35% CPU. I tried changing the worker's mode to autofp, which made things even worse. I also tried running two iperf instances, but this changed nothing. The cumulated throughput was still about 1.8 Gbps. I thought Suricata is multithreaded? Or is there something missing in the suricata.yaml? Is iperf even the right thing to test Suricata throughput?

Testing setup:
[Linux PC1 - iperf client] <---"LAN - 10g"---> [OPNsense] <---"WAN - 10g"---> [Linux PC2 - iperf server]


Thanks! :)