4. Suricata and VirtIO

Suricata and VirtIO

  • G

    Has anyone had any luck using suricata inline mode with virtio adapters? Currently have a virtualized environment running on KVM, guests are supplied virtio adapters connected to openvswitch which in turn connects to the physical interfaces; I'm assuming I'd need to rearchitect this with VALE and netmap to make suricata work in inline mode?

    0
  • B

    @gerby123 said in Suricata and VirtIO:

    VALE

    Are you still running Suricata on a virtualized pfsense guest? Or are you asking about Suricata in Linux?

    0
  • G

    Correct, the hypervisor is KVM but suricata is running in a PFSense guest.

    0
  • B

    I don't have any experience with KVM/vertio, but I run pfSense in VMs (ESXi) using Bro and Suricata without an issue. This includes the use of virtual switches and etc

    Can you not select a virtualized driver in KVM?

    If you can't what driver is it using and what issue are you running into with using netmap on that interface?

    0
  • G

    The issue I encounter seems related to others who have tried to run inline mode without netmap support; traffic passes for a brief period of time and then all traffic flow stops.

    0
  • G

    This post is deleted!
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy