I'm curious if anyone is utilizing Intel 40G NICs and PF_RING ZC and if
you'd be willing to share your experience? I'm interested in learning
about which NIC you chose and how well it is working out.
Thanks in advance for any info and Happy Friday!
There is no need to use pf_ring on any modern Linux version. Linux has the af_packet packet capture mechanism that does the job really well.
Our production is based on either Intel’s X720 or Mellanox ConnectX-4 Lx cards (any modern Mellanox will do) and af_packet in QM mode. That means the card’s hardware can do the filtering (and Mellanox is way more flexible than Intel here) and symmetric hashing, working with af_packet. BTW Mellanox is cool in yet another way - they happily work with flexoptics SFP modules, further saving us $$$.
I’m happy to answer all your questions about this setup - so feel free to ask. You cannot get me tired talking about this.
BTW, a while ago, while working with the Suricata project developer Peter Manev, we wrote these documents. They are slightly outdated but the basics they describe haven’t changed much.
https://github.com/pevma/SEPTun-Mark-II ← our production is based on this one
There will also be a talk (shameless self-promotion mode on) at Zeek Week where I’ll present our setup in detail and hopefully answer all questions people might have.