4. Suricata and VirtIO

Suricata and VirtIO

  • G

    Has anyone had any luck using suricata inline mode with virtio adapters? Currently have a virtualized environment running on KVM, guests are supplied virtio adapters connected to openvswitch which in turn connects to the physical interfaces; I'm assuming I'd need to rearchitect this with VALE and netmap to make suricata work in inline mode?

    0
  • B

    @gerby123 said in Suricata and VirtIO:

    VALE

    Are you still running Suricata on a virtualized pfsense guest? Or are you asking about Suricata in Linux?

    0
  • G

    Correct, the hypervisor is KVM but suricata is running in a PFSense guest.

    0
  • B

    I don't have any experience with KVM/vertio, but I run pfSense in VMs (ESXi) using Bro and Suricata without an issue. This includes the use of virtual switches and etc

    Can you not select a virtualized driver in KVM?

    If you can't what driver is it using and what issue are you running into with using netmap on that interface?

    0
  • G

    The issue I encounter seems related to others who have tried to run inline mode without netmap support; traffic passes for a brief period of time and then all traffic flow stops.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy