Netgate Discussion Forum

    Netgate XG-7100 SFP+ ports inline mode compatibility

    IDS/IPS
    • N
      n8rfe

      Re: Snort Package 4.0 -- Inline IPS Mode Introduction and Configuration Instructions

      Hello

      Do we know if the Netgate XG-7100 SFP+ ports are compatible with snort V4.0 when running in-line mode?

      And if so would you expect a performance hit on the line traffic with default snort subscriber rules when using the balanced set of rules?

      Snort configured to monitor LAN interface.

      No other packages installed on the device.

      bmeeksB 1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks @n8rfe

        @n8rfe said in Netgate XG-7100 SFP+ ports inline mode compatibility:

        Re: Snort Package 4.0 -- Inline IPS Mode Introduction and Configuration Instructions

        Hello

        Do we know if the Netgate XG-7100 SFP+ ports are compatible with snort V4.0 when running in-line mode?

        And if so would you expect a performance hit on the line traffic with default snort subscriber rules when using the balanced set of rules?

        Snort configured to monitor LAN interface.

        No other packages installed on the device.

        Currently the following NIC driver families are supported for Inline IPS Mode with the netmap device:

        'cc', 'cxl', 'cxgbe', 'em', 'igb', 'em', 'lem', 'ix', 'ixgbe', 'ixl', 're', 'vtnet'

        I don't have an XG-7100, so I don't know what NICs it has on the board.

        Yes, there will be a performance impact using Inline IPS Mode, especially on high traffic interfaces with a larger rule set (such as the Balanced IPS Policy). How big of an impact is determined primarily by the packet sizes. Lots of small packets chew up more CPU than fewer large packets (think 64-byte versus 1500-byte for an extreme example). So 1 Gigabit/second of 64-byte packets will chew up a ton more CPU than 1 Gigabit/sec of 1500-byte packets. CPU loading and interrupt service times will impact throughput with Inline IPS Mode.

        You can try enabling the mode to test. The Snort GUI code now has a check in the logic when you attempt to enable IPS Inline Mode on an interface. If the interface driver is not one of the families listed above, an error is returned and you can't save the change. You would have to stick with Legacy Mode in that case.

        N 1 Reply Last reply Reply Quote 1
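An added example, not part of the post above and not the Snort package's own code: a POSIX shell pre-check that derives the driver family from an interface name and tests it against the list quoted in the post. It assumes FreeBSD's `<driver><unit>` interface naming; the function names and the sample interface names are constructed for illustration.

```shell
#!/bin/sh
# Driver families quoted in the post above as supported for Inline IPS Mode
# with netmap (the repeated 'em' is listed once here).
SUPPORTED_FAMILIES="cc cxl cxgbe em igb lem ix ixgbe ixl re vtnet"

# Assumption: FreeBSD names interfaces <driver><unit>, e.g. ix0 -> ix.
# Strip only the trailing unit number so the family name stays intact.
driver_family() {
    printf '%s\n' "$1" | sed -e 's/[0-9][0-9]*$//'
}

# Return 0 if the interface's driver family is in the list, 1 otherwise.
# The comparison is an exact match on the whole family name: a prefix
# match would wrongly accept ixv0 because its name starts with "ix".
inline_supported() {
    fam=$(driver_family "$1")
    if [ -z "$fam" ]; then
        return 1
    fi
    case " $SUPPORTED_FAMILIES " in
        *" $fam "*) return 0 ;;
    esac
    return 1
}

# Print one line per interface saying which mode to plan for.
check_interfaces() {
    for ifc in "$@"; do
        if inline_supported "$ifc"; then
            echo "$ifc: driver '$(driver_family "$ifc")' is in the supported list"
        else
            echo "$ifc: driver '$(driver_family "$ifc")' is not in the list, use Legacy Mode"
        fi
    done
}

# Constructed sample interface names, not taken from a real system.
check_interfaces ix0 ixl1 ixv0 igb2 lagg0
```

Passing this check only means the driver family is on the list; the performance impact described in the post still has to be measured on the live interface.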
        • N
          n8rfe @bmeeks

          @bmeeks Thanks for the information. The SG-7100 is using the ix NICs for its 10GB SFP+. Once configured both WAN and LAN to use these, inline mode worked correctly with the obvious hardware checksum options enabled.

          bmeeksB 1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks @n8rfe

            @n8rfe said in Netgate XG-7100 SFP+ ports inline mode compatibility:

            @bmeeks Thanks for the information. The SG-7100 is using the ix NICs for its 10GB SFP+. Once configured both WAN and LAN to use these, inline mode worked correctly with the obvious hardware checksum options enabled.

            Thanks for the feedback. It will help others who might have the same question in the future.

            1 Reply Last reply Reply Quote 1
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.