Netgate Discussion Forum

    Suricata Inline on LAGG interface

      dhboyd26

      Since I don't mind asking stupid questions, I'm asking…

      Is it possible to run Suricata Inline on a LAGG interface?  My Intel X710 10G card cannot run Suricata Inline currently - it totally hoses traffic throughput when enabled.  I get an MDD error in the logs and everything stops.

      But I have a quad-port Intel card that uses the igbe driver and was wondering if it was possible to LAGG those together and then run Suricata on the LAGG interface in Inline mode.

      Common sense and logic tell me this is not possible, but as I said, I don't mind asking stupid questions.  After 20 years in the IT field, I still learn something new every day.

        SteveITS

        I know this is an old topic but I ran into a situation where we would like to do this also...did you try it? Or does anyone know the answer?

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote 👍 helpful posts!

          4o4rh @SteveITS

          @SteveITS I am also looking for an answer. Did you have any luck?

            SteveITS @4o4rh

            @gwaitsi I don’t think we ever tried it. Our LAGG was to abstract the interfaces to facilitate HA replacement but that’s no longer a thing…HA can have different hardware now. So no more LAGG.

            When we tried inline many years ago we found it broke Remote Desktop over time, no idea why. At the time one NIC was Realtek which isn’t ideal. But, haven’t been in a situation to experiment much again.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.