I wonder if anyone had a chance of somehow incorporate a FPGA NIC \ Smart NIC \ Napatech \ PF_RING with Bro ?
I would like to scale my Bro cluster and process higher volumes of traffic (5-10Gbps). Currently I use PF_RING supported nic (intel X710) to LB the traffic to multiple workers - this environment cannot handle the above traffic load.
I could always beef up my server but that does not seem like an elegant solution.
Could there be any benefits for moving to Napatech NIC or FPGA supported NIC ?
In what scenario an FPGA card can be integrated with Bro to offload some of its more tedious tasks to the smart nic ?
So af_packet will speed up the packet source \ IO loop part of Bro more than PF_RING ?
After reading about it they seem to provide roughly the same output in terms of speed.
It still seems like speeding up the reading of network traffic to Bro can get you so far, no other ways of taking some of Bro’s processing and offload them to a network card\ FPGA card ?
There aren't any code paths in Bro that offload work into any specialized NICs. It's fairly hard to find the exact right abstraction that would provide some benefit to Bro and still be technically achievable.
> It still seems like speeding up the reading of network traffic to Bro
> can get you so far, no other ways of taking some of Bro's processing
> and offload them to a network card\ FPGA card ?
There aren't any code paths in Bro that offload work into any
specialized NICs. It's fairly hard to find the exact right abstraction
that would provide some benefit to Bro and still be technically
achievable.
to add a bit to this - while there currently is no support (at all) to
offload work into specialized NICs, this actually is one of our research
projects.
