Company Name: Red Piranha
Announcement Date: 22/08/2019
Announcement Category: Product launch/update
Red Piranha’s Crystal Eye UTM appliances are multi-core systems that enable multi-threaded applications to use the underlying hardware for high performance. Multi-threading scales the system by adding more threads for running different applications which inspect the incoming traffic before transmitting it to the protected network.
One such application running on Crystal Eye appliances for Intrusion Detection and Protection System (IDPS) is the Suricata engine. Suricata is a high performance, multi-threaded IDS, IPS and Network Monitoring engine that can handle gigabits of traffic without any losses. Since failure to inspect a single packet can lead to unwanted intrusions to a network, Crystal Eye uses Suricata to implement high-speed, lossless and highly secure networks.
In our efforts to tune the Crystal Eye appliances to give best performance in high speed networks, Red Piranha has successfully achieved 60Gbps Suricata throughput in the lab on a single commodity hardware 2U unit.
// Test Configuration
Tests were performed on a Series 80 dual-socket system with dual Xeon E5-2697v4 CPUs (HT enabled, total 72 cores) and 128Gb RAM, running Ubuntu 18.04.2 LTS. 2 x dual-port Intel XL-710 40GbE cards were used for receiving the traffic. Traffic was replayed by the TRex traffic generator running on a similar setup. To achieve 60Gbps of traffic, TRex generated a total of 6.2 Mpps, which were handled without loss by a single Suricata instance running in IDS mode. Suricata was loaded with the Emerging Threats ruleset (14312 signatures).
// Traffic Details
We harnessed TRex’s capability of generating stateful traffic using profiles that closely simulated an enterprise network. The traffic was a mix of HTTPS/HTTP browsing data (76%), real-time applications like VoIP and video captures (12%), and other enterprise traffic replays (12%). Traffic consisted mostly of small, realistic flows instead of elephant flows.
// Key Configurations
The test setup was tuned for high performance at the system and application (Suricata) level. Some of the key configurations and tuning performed on the setup were:
- Maintain NUMA locality to the CPU cores.
- Maximize L3 cache hits to handle high traffic rates.
- Enable receive side hashing of the traffic to distribute traffic evenly to multiple Suricata worker threads.
- Pin CPU cores to Suricata worker threads and isolate these threads from other user processes.
- Run all other housekeeping tasks on the remaining cores.
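The NUMA-locality and core-pinning steps above can be planned from the kernel's sysfs topology files. The following is an added example, not Red Piranha's tooling: it reads the capture NIC's NUMA node and splits the cores into a worker set local to that node and a housekeeping set. The interface name `capture0`, the function names and the worker count are assumptions, and the sysfs tree it runs against is constructed sample data.

```python
import tempfile
from pathlib import Path

def parse_cpulist(text):
    """Expand a kernel cpulist such as '0-3,8,10-11' into a sorted list of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if part:
            lo, _, hi = part.partition("-")
            cpus.update(range(int(lo), int(hi or lo) + 1))
    return sorted(cpus)

def plan_affinity(iface, workers, sysfs=Path("/sys")):
    """Pick `workers` cores on the capture NIC's NUMA node; the rest do housekeeping."""
    sysfs = Path(sysfs)
    node = int((sysfs / "class/net" / iface / "device/numa_node").read_text())
    if node < 0:  # kernel reports -1 when the device has no NUMA affinity
        raise ValueError(f"{iface}: no NUMA node reported")
    local = parse_cpulist((sysfs / f"devices/system/node/node{node}/cpulist").read_text())
    online = parse_cpulist((sysfs / "devices/system/cpu/online").read_text())
    local = [c for c in local if c in online]
    if workers >= len(local):
        raise ValueError(f"node {node} has {len(local)} cores; leave at least one free")
    worker_cpus = local[-workers:]  # the lowest local core(s) stay outside the worker set
    housekeeping = [c for c in online if c not in worker_cpus]
    return {"numa_node": node, "worker_cpus": worker_cpus, "housekeeping_cpus": housekeeping}

def build_sample_sysfs(root):
    """Constructed sysfs tree: 2 nodes x 4 cores, hypothetical NIC 'capture0' on node 1."""
    files = {
        "class/net/capture0/device/numa_node": "1\n",
        "devices/system/node/node0/cpulist": "0-3\n",
        "devices/system/node/node1/cpulist": "4-7\n",
        "devices/system/cpu/online": "0-7\n",
    }
    for rel, body in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(plan_affinity("capture0", 3, build_sample_sysfs(tmp)))
```

The worker set is what would go into Suricata's worker CPU affinity setting, with the housekeeping set used for management threads and other processes.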
// Performance Improvements
Traffic was tested on a normal setup and a tuned setup. The untuned system in our lab had no NIC tuning and was running default Suricata configs with only memcap modifications for handling high speeds. On such a system, Suricata was not able to handle packets at wire speed and encountered drops. The tuned system brought Suricata throughput up to 60Gbps, as observed in our setup.
// Future Work
The setup used in these tests is the current configuration of Red Piranha’s Crystal Eye Series-80 UTM appliances. These appliances are ideal for high-end security solutions for telecoms or large IT needs. Similar tuning will be performed with the Crystal Eye firmware for different appliances to achieve the best performance for different traffic rates.
Announcement URL: https://redpiranha.net/news/red-piranha-raises-bar-60-gbps-suricata-throughput
About Red Piranha:
Fight cyber crime with our holistic defence in-depth strategy allowing you to Defend, Detect and Respond to threats and helping you Protect confidentiality, ensure integrity and maintain availability.
Red Piranha manufactures and supplies end-to-end security solutions to safeguard your information across the entire network and its borders, helping you maintain Confidentiality and Integrity. The easily deployed Crystal Eye multi-layered security next generation firewall range increases security awareness, reducing risk exposure from advanced cybercrime, malicious software and insider threats.
In 2015 Red Piranha purchased the DNS.Insure platform and began development on the Crystal Eye Unified Threat Management systems (UTM's) via its security operating system called Crystal Eye. The Red Piranha Crystal Eye Gateway allows the client control over the network, reducing risk of possible attacks through a defense in depth strategy as well as giving the client easy content control over devices that use the network. Managed threat Intelligence defends before attacks are launched, providing the client with solutions which are updated regularly to combat new and persistent threats.
Red Piranha Next-Generation Enterprise Crystal Eye Unified Threat Management (UTM) product family protects the network internally as well as the perimeter, optimizing connectivity and simplifying the administration of network operations. The Crystal Eye product range will be the first product of its kind designed and owned in Australia.
Announcement Contact: [email protected]