Netgate XG-7100 SFP+ ports inline mode compatibility
-
Re: Snort Package 4.0 -- Inline IPS Mode Introduction and Configuration Instructions
Hello
Do we know if the Netgate XG-7100 SFP+ ports are compatible with snort V4.0 when running in-line mode?
And if so, would you expect a performance hit on the line traffic with default snort subscriber rules when using the balanced set of rules?
Snort configured to monitor LAN interface.
No other packages installed on the device.
-
@n8rfe said in Netgate XG-7100 SFP+ ports inline mode compatibility:
Re: Snort Package 4.0 -- Inline IPS Mode Introduction and Configuration Instructions
Hello
Do we know if the Netgate XG-7100 SFP+ ports are compatible with snort V4.0 when running in-line mode?
And if so, would you expect a performance hit on the line traffic with default snort subscriber rules when using the balanced set of rules?
Snort configured to monitor LAN interface.
No other packages installed on the device.
Currently the following NIC driver families are supported for Inline IPS Mode with the netmap device: 'cc', 'cxl', 'cxgbe', 'em', 'igb', 'em', 'lem', 'ix', 'ixgbe', 'ixl', 're', 'vtnet'
I don't have an XG-7100, so I don't know what NICs it has on the board.
Yes, there will be a performance impact using Inline IPS Mode, especially on high traffic interfaces with a larger rule set (such as the Balanced IPS Policy). How big of an impact is determined primarily by the packet sizes. Lots of small packets chew up more CPU than fewer large packets (think 64-byte versus 1500-byte for an extreme example). So 1 Gigabit/second of 64-byte packets will chew up a ton more CPU than 1 Gigabit/sec of 1500-byte packets. CPU loading and interrupt service times will impact throughput with Inline IPS Mode.
You can try enabling the mode to test. The Snort GUI code now has a check in the logic when you attempt to enable IPS Inline Mode on an interface. If the interface driver is not one of the families listed above, an error is returned and you can't save the change. You would have to stick with Legacy Mode in that case.
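As an added illustration (not code from the Snort package or from the poster), the two points in the reply above: a driver-family check in the spirit of the GUI's save-time validation, using the netmap driver list quoted in the post, and a packet-rate estimate that shows why 64-byte frames cost so much more CPU than 1500-byte frames at the same bit rate. The interface-name parsing (letters followed by a unit number, e.g. "ix0") and the 20-byte per-frame wire overhead are assumptions of this example.

```python
import re

# Netmap-capable driver families as listed in the reply above (from the post,
# not read from the package source; may change in later package versions).
NETMAP_DRIVERS = {'cc', 'cxl', 'cxgbe', 'em', 'igb', 'lem',
                  'ix', 'ixgbe', 'ixl', 're', 'vtnet'}

# Assumed per-frame overhead not counted in the frame size:
# 8-byte preamble/SFD + 12-byte inter-frame gap on Ethernet.
WIRE_OVERHEAD_BYTES = 20


def driver_family(ifname: str) -> str:
    """Return the driver family of a FreeBSD interface name.

    Assumes the name is letters followed by a unit number ("ix0", "igb1").
    Anything else (VLAN/lagg children, bridges) is rejected rather than guessed.
    """
    m = re.fullmatch(r'([a-z]+)\d+', ifname)
    if not m:
        raise ValueError(f"unrecognised interface name: {ifname!r}")
    return m.group(1)


def inline_mode_supported(ifname: str) -> bool:
    """Mirror of the save-time check described in the post: the interface's
    driver family must be one netmap supports, otherwise Legacy Mode it is."""
    return driver_family(ifname) in NETMAP_DRIVERS


def packets_per_second(bitrate_bps: int, frame_bytes: int) -> float:
    """Frames per second a link carries at a given bit rate and frame size,
    including the assumed wire overhead. This is the load the IPS must inspect."""
    return bitrate_bps / ((frame_bytes + WIRE_OVERHEAD_BYTES) * 8)


def small_vs_large_ratio(bitrate_bps: int = 10**9) -> float:
    """How many more packets 64-byte traffic delivers than 1500-byte traffic
    at the same bit rate; roughly the relative CPU cost bmeeks describes."""
    return packets_per_second(bitrate_bps, 64) / packets_per_second(bitrate_bps, 1500)


if __name__ == "__main__":
    for name in ("ix0", "igb1", "lagg0"):
        print(name, "inline OK" if inline_mode_supported(name) else "Legacy Mode only")
    print(f"1 Gbit/s of 64-byte frames:   {packets_per_second(10**9, 64):,.0f} pps")
    print(f"1 Gbit/s of 1500-byte frames: {packets_per_second(10**9, 1500):,.0f} pps")
    print(f"ratio: {small_vs_large_ratio():.1f}x")
```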
-
@bmeeks Thanks for the information. The SG-7100 is using the ix NICs for its 10GB SFP+. Once both WAN and LAN were configured to use these, inline mode worked correctly with the obvious hardware checksum options enabled.
-
@n8rfe said in Netgate XG-7100 SFP+ ports inline mode compatibility:
@bmeeks Thanks for the information. The SG-7100 is using the ix NICs for its 10GB SFP+. Once both WAN and LAN were configured to use these, inline mode worked correctly with the obvious hardware checksum options enabled.
Thanks for the feedback. It will help others who might have the same question in the future.