Hello, folks!

I'm working on an OSS solution for DDoS detection (https://github.com/FastVPSEestiOu/fastnetmon) and have gone the hard way through: pcap, ulog2, pf_ring.

I'm really amazed by PF_RING, and I can analyze streams of up to 2 million packets per second on really slow hw (i7 2600 with Intel 82599). But my final target is to provide monitoring ability at a wire rate of 10GBps and 14Mpps.

I tried to use plain pf_ring and multichannel pf_ring, and started thinking about ZC.... Maybe somebody can recommend the best and fastest approach for my task?

I need a small amount of packet headers (src/dst ip, src/dst port, protocol). For extracting data I surely need some sort of packet parser.

The fastest solution I have made so far is multichannel pf_ring with 8 threads for collecting data. But I can process only up to 2-3 MPPS, and after this I get a completely overloaded system: https://www.dropbox.com/s/m2ywqgwul8ka7ww/htoppng.png?dl=0

Is it possible to process more packets on non-zc PF_RING, or should I go to ZC mode? :(

--
Sincerely yours, Pavel Odintsov

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
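
The post needs only src/dst IP, src/dst port and protocol from each packet. A bounds-checked extractor for exactly those fields follows, as an added example that is not part of the original post or of fastnetmon; `struct flow_key`, `parse_flow_key` and the sample frame are hypothetical names and constructed data. It assumes Ethernet frames carrying IPv4 with at most one 802.1Q tag, and takes a raw buffer and captured length from whatever capture layer is in use.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct flow_key { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t protocol; };

/* Constructed sample: Ethernet + IPv4 + UDP, 192.0.2.1:12345 -> 198.51.100.2:53 */
static const uint8_t sample_frame[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x00,0x40,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc6,0x33,0x64,0x02,
    0x30,0x39,0x00,0x35, 0x00,0x08,0x00,0x00 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Fills *out (host byte order). Returns 0 on success, -1 if the frame is
 * not IPv4 or the captured bytes end before the IPv4 header does. */
int parse_flow_key(const uint8_t *pkt, size_t caplen, struct flow_key *out) {
    size_t off = 14;                              /* untagged Ethernet header */
    if (caplen < off) return -1;
    uint16_t ethertype = rd16(pkt + 12);
    if (ethertype == 0x8100) {                    /* one 802.1Q VLAN tag */
        if (caplen < off + 4) return -1;
        ethertype = rd16(pkt + 16);
        off += 4;
    }
    if (ethertype != 0x0800 || caplen < off + 20) return -1;
    const uint8_t *ip = pkt + off;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;      /* header length incl. options */
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen < off + ihl) return -1;
    memset(out, 0, sizeof *out);
    out->protocol = ip[9];
    out->src_ip = rd32(ip + 12);
    out->dst_ip = rd32(ip + 16);
    /* Ports exist only in the first fragment of TCP (6) or UDP (17);
     * if they were not captured they stay 0 and the packet still counts. */
    int first_frag = (rd16(ip + 6) & 0x1fff) == 0;
    if ((out->protocol == 6 || out->protocol == 17) && first_frag && caplen >= off + ihl + 4) {
        out->src_port = rd16(ip + ihl);
        out->dst_port = rd16(ip + ihl + 2);
    }
    return 0;
}

int main(void) {
    struct flow_key k;
    if (parse_flow_key(sample_frame, sizeof sample_frame, &k) != 0) return 1;
    printf("%08x:%u -> %08x:%u proto %u\n", (unsigned)k.src_ip, (unsigned)k.src_port,
           (unsigned)k.dst_ip, (unsigned)k.dst_port, (unsigned)k.protocol);
    return 0;
}
```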
