I'm gathering some requirements and vendor options associated with
small scale Bro installations and looking for some input from the
field. Namely, I have interest in systems that are known to work well
with Bro, work reliably in the field, and that have the general
community "stamp of approval".
Features I'd like to have:
- hardware bypass support (or ability to put in a card that does support it)
- 4 interfaces
- ability to scale to at least 100Mbit line rate, 1Gbit would be
better but is not necessary
Any thoughts on CPU and RAM are always appreciated as well.
Recommended CPUs supporting any hardware options that are considered
good to take advantage of, RAM sizing, etc.
Thank you in advance for any input you can provide, as I am sure that
it can provide value to others as well.
Bivio provides a range of Linux platforms that are used extensively by federal government entities to host Bro as well as other cyber security centric applications. Our B7000 series platforms can support Bro running at line rates up to multiple Gbps, and include copper & fiber interfaces with hardware bypass support. It is easy to scale the platform by adding additional processor blades, so for your requirements as noted you could start with the base product (B7512/14), and then later add a processor blade to support full GbE line rates, or even scale to full 10 Gbps throughput.
Our support and dev teams are very familiar with Bro as we are often called on by our customers to help optimize their systems for best performance, especially when running multiple co-tenant apps. The high-level product info for the B7000 series is at http://www.bivio.net/products/b7000/, or I'd be happy to provide you with more information (PM me: gregk (at) bivio (dot) net).
Note: I am employed by Bivio Networks.
Marketing Manager, Bivio Networks