Hardware configuration
- Model: Supermicro (X8DTH)
- CPU(s): 2 × Intel(R) Xeon(R) CPU X5550 @ 2.67 GHz
- Number of CPU cores: 2 × 4 × hyper-threading = 16
- NUMA Nodes: 2
- RAM: 12 GB @ 1333 MHz
OS configuration
- Distribution: CentOS 6.3 64-bit
- Kernel: 2.6.32-279.5.1.el6.x86_64
Snort configuration
- Snort version 2.9.3.1
- Snort rules set: snortrules-snapshot-2930.tar.gz
- All logging disabled (-K none)
Traffic used in the tests
- Non-malicious traffic
- Number of frames: 50341 repeated 5000 times = 251705000 in total
- Frame size distribution as shown in this figure, which is a screen capture from the
monitoring tool:
Test results
This table shows the percentage of packets processed depending on the number of Snort instances and the input data rate. The last column shows the cut-off rate at which Snort starts to lose packets.
Packets Processed (%) | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Gbps | 2 Gbps | 3 Gbps | 4 Gbps | 5 Gbps | 6 Gbps | 7 Gbps | 8 Gbps | 9 Gbps | 10 Gbps | 20 Gbps | Cut-off rate | |
NT20E2 | ||||||||||||
16 Snort instances | 100,00 | 100,00 | 100,00 | 88,67 | 70,37 | 58,74 | 49,59 | 43,34 | 37,80 | 34,49 | 29,74 | 3.100 Mbps |
12 Snort instances | 100,00 | 100,00 | 98,07 | 84,11 | 70,08 | 58,26 | 49,44 | 42,85 | 37,99 | 33,10 | 25,30 | 2.900 Mbps |
8 Snort instances | 100,00 | 100,00 | 91,49 | 79,48 | 62,48 | 52,01 | 43,81 | 38,29 | 33,31 | 30,24 | 22,04 | 2.500 Mbps |
4 Snort instances | 100,00 | 89,30 | 59,44 | 43,37 | 34,05 | 27,40 | 23,41 | 19,87 | 17,45 | 15,87 | 11,17 | 1.800 Mbps |
NT4E-4 | ||||||||||||
16 Snort instances | 100,00 | 100,00 | 100,00 | 92,88 | - | - | - | - | - | - | - | 4×800 Mbps |
12 Snort instances | 100,00 | 100,00 | 91,24 | 81,32 | - | - | - | - | - | - | - | 3×800 Mbps |
8 Snort instances | 100,00 | 100,00 | 86,39 | 74,61 | - | - | - | - | - | - | - | 3×700 Mbps |
4 Snort instances | 100,00 | 85,37 | 55,60 | 39,89 | - | - | - | - | - | - | - | 2×750 Mbps |
Style Conventions
Bold typeface is used for names of, for instance, user interface elements and software components.
Italic typeface is used for replaceable text.
Monospaced typeface is used for code, commands and file names.
Abbreviations
CPU
Central Processing Unit
CRC
Cyclic Redundancy Check
DN
Document Number
IDS
Intrusion Detection System
NT
NapaTech
ntpl, NTPL
NapaTech Programming Language
NUMA
Non-Uniform Memory Access
OS
Operating System
RAM
Random-Access Memory
Rev.
REVision
RMON
Remote network MONitoring
RX
Reception/Receive