I have just deployed bro onto two systems on my border gateway. They sit off a tap and each system has individual Rx and Tx interfaces bridged using brctl. I am not seeing any interface dropped packets or errors from the Ubuntu host via ifconfig.
When looking at my data within bro that monitors a standalone configuration of br0 has the below line repeated a few times throughout the notice.log
1477283201.681213 - - - - - - - - - PacketFilter::Dropped_Packets 2739608 packets dropped after filtering, 12351460 received, 12351686 on link - - - - - bro Notice::ACTION_LOG3600.000000 F - - - - -
We seem to be getting lots of data and as far as CPU and memory resource consumption goes it’s not under strenuous load. I haven’t changed too much of the configuration of the 2.4.1 build.
Sorry if this has been discussed or asked before but what can I look at optimising or tuning to reduce the packet loss?
One thread I found wasn’t bros issue but the tap and an upgrade of the software fixed it. I cannot do this as it’s without software to tune. It’s a vss active 1gb tap, doesn’t seem to be the tap at this stage but it quite possibly could be