Slow speeds with Suricata inline mode

  • I am running one Suricata instance on my WAN interface on an APU4.

    With Suricata blocking inline mode my internet speeds seemed to be cut in half. Without Suricata running at all I am getting about 90mbps.
    With Suricata inline mode I am getting 40mbps.

    I tried disabling blocking on Suricata just to test and I get the error:

     <error>-- [ERRCODE: SC_ERR_INITIALIZATION(45)] - No interface found in config for netmap

    when trying to start Suricata.

    I deleted the interface in Suricata and recreated it with the same settings except no blocking and a speed test shows my connection back at 90mbps.

    Are others seeing similar issues with Suricata inline mode? I know it's brand new on pfSense and I saw some other threads about issues with netmap, but didn't see anything about this issue specifically. Could this be an issue with the hardware?

    This is different hardware than this other thread where I am running both Snort and Suricata (that is more of a lab environment), but I'm wondering if the issues are related.

  • After reading your posts, I can say I have the same issue as you, but for me it is more speed-consuming: if I disable Suricata, I get 537 Mbps. If I enable Suricata again, I'll get 131 Mbps. Is it possible that the root cause is the Suricata rules, which need tweaking? I have an extra 4 Gigs of RAM free from the total 8 Gigs. So no memory issue, just like you.
