Suricata Inline on LAGG interface
Since I don't mind asking stupid questions, I'm asking…
Is it possible to run Suricata Inline on a LAGG interface? My Intel X710 10G card cannot run Suricata Inline currently - it totally hoses traffic throughput when enabled. I get an MDD error in the logs and everything stops.
But I have a quad-port Intel card that uses the igbe driver and was wondering if it was possible to LAGG those together and then run Suricata on the LAGG interface in Inline mode.
Common sense and logic tell me this is not possible, but as I said, I don't mind asking stupid questions. After 20 years in the IT field, I still learn something new every day.
I know this is an old topic but I ran into a situation where we would like to do this also...did you try it? Or does anyone know the answer?
@SteveITS I am also looking for an answer. Did you have any luck?
@gwaitsi I don’t think we ever tried it. Our LAGG was to abstract the interfaces to facilitate HA replacement but that’s no longer a thing…HA can have different hardware now. So no more LAGG.
When we tried inline many years ago we found it broke Remote Desktop over time, no idea why. At the time one NIC was Realtek which isn’t ideal. But, haven’t been in a situation to experiment much again.