Measure DPI performance on 10 Gbps NICs
-
Hello everyone.
I took it upon myself to try pfSense in my university's VM environment, testing how well pfSense can perform layer 7 DPI on 10 Gbps links.
I'm in the early stages of the project but am sort of struggling at the moment, and I'm looking for some direction and help from you guys here.
I want to make a script on CLIENT 1 that performs two dig commands in a loop for CLIENT 2 to process (with pfSense in between them): one 'dig' doing a standard lookup and the second doing a recursive lookup, and let pfSense sort them out through layer 7 DPI, letting one pass and stopping the other. And to see if this particular set-up can handle the 10 Gbps NICs my school recently purchased.
Do any of you have an idea of how I can develop a DPI rule like this one? Do I need a certain package (like Snort) for this, or is this function included in pfSense as it is?
Also, I'm curious as to what would be the best tool to measure pfSense throughput as the script runs.
Thanks in advance
-
You would need to use Snort or Suricata for packet inspection. You might want to use Suricata since it supports in-line mode; in legacy mode at least one packet is passed before the block is set, so for something like dig that's probably not going to work well. Assuming your client is going to spoof numerous source IPs, that is.
Developing that rule is outside the scope of this subsection. Probably best to ask in IPS/IDS.
Steve
-
Hey Stephen thanks for your reply.
We are indeed looking into Snort right now, although we have changed the way we are going to test it. We will try to use iperf with the -F (file input) flag set with a text document containing the phrase to be blocked.
But anyway, I'll head to the IPS/IDS section with further questions.
Benjamin
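As an added example, not posted by anyone in this thread, the script below puts both test designs into one runnable form: the dig pair from the first post (one query with the RD "recursion desired" bit set, one with +norecurse, so the IPS can drop one and pass the other) and the iperf -F variant from the last post (a marker phrase in the transmitted file, matched by a content rule). The rule lines are Snort 2 / Suricata syntax; the `drop` action only takes effect in in-line (IPS) mode, in IDS mode change it to `alert`. Everything else is assumed rather than taken from the thread: the addresses, the query name, the marker phrase, the SIDs, the file names and sizes, and that CLIENT 2 answers DNS on port 53 and runs an iperf server.

```shell
#!/bin/sh
# Added example, not code from the pfSense project or from this thread.
# Assumed values (override via environment): TARGET is CLIENT 2 behind pfSense,
# QNAME the name to look up, PHRASE the marker in the iperf -F file.
TARGET="${TARGET:-192.0.2.2}"
QNAME="${QNAME:-example.com}"
PHRASE="${PHRASE:-BLOCK-THIS-PHRASE}"   # must avoid ; \ " (Snort content specials)
ITERATIONS="${ITERATIONS:-100}"         # dig pairs per run, assumed
PAYLOAD_LINES="${PAYLOAD_LINES:-1048576}" # ~64 MiB of iperf input, assumed

# Rule 1: drop DNS queries whose RD bit is set. RD is the low bit of byte 2 of
# the DNS header, i.e. UDP payload offset 2, hence byte_test:1,&,0x01,2.
# dig sets RD by default; "dig +norecurse" clears it, so that probe should pass.
rule_drop_recursive_dns() {
    printf '%s\n' 'drop udp any any -> any 53 (msg:"DPI test: recursive DNS query"; byte_test:1,&,0x01,2; sid:1000001; rev:1;)'
}

# Rule 2: drop any TCP segment carrying the marker phrase that iperf streams
# from its -F input file.
rule_drop_phrase() {
    printf '%s\n' "drop tcp any any -> any any (msg:\"DPI test: marker phrase\"; content:\"$PHRASE\"; sid:1000002; rev:1;)"
}

# Map a dig exit status to a verdict: 0 = answered (passed the firewall),
# 9 = no reply from server (most likely dropped), anything else = error.
classify_dig_status() {
    case "$1" in
        0) echo passed ;;
        9) echo blocked ;;
        *) echo error ;;
    esac
}

# One query pair; prints "recursive <verdict>" and "norecurse <verdict>".
# +tries=1 +time=1 keeps a dropped query from retrying for a long time.
run_dig_pair() {
    dig @"$TARGET" "$QNAME" A +tries=1 +time=1 >/dev/null 2>&1
    rc=$?
    echo "recursive $(classify_dig_status "$rc")"
    dig @"$TARGET" "$QNAME" A +tries=1 +time=1 +norecurse >/dev/null 2>&1
    rc=$?
    echo "norecurse $(classify_dig_status "$rc")"
}

# Write the rules, send the dig loop and tally verdicts, then push the marker
# file through iperf so its report gives the throughput while the rule is active.
run_dpi_test() {
    { rule_drop_recursive_dns; rule_drop_phrase; } > dpi-test.rules
    echo "wrote dpi-test.rules; load it in the IPS on pfSense before continuing"

    i=0
    while [ "$i" -lt "$ITERATIONS" ]; do
        run_dig_pair
        i=$((i + 1))
    done | sort | uniq -c   # expect: all "recursive blocked", all "norecurse passed"

    awk -v p="$PHRASE" -v n="$PAYLOAD_LINES" \
        'BEGIN { for (i = 0; i < n; i++) print p, "filler-filler-filler-filler-filler" }' \
        > dpi-payload.txt
    iperf -c "$TARGET" -F dpi-payload.txt   # iperf2 and iperf3 both accept -F
}

if [ "${1:-}" = "run" ]; then
    run_dpi_test
fi
```

Run it with `sh dpi-test.sh run` on CLIENT 1 after loading the generated rules file on pfSense. If the iperf transfer completes at full rate with the phrase rule loaded, the rule is not being hit (wrong direction, wrong mode, or the phrase split across segments), which is worth checking before reading the throughput number as a DPI result.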