Implementing PF_RING-based Hardware Flow Offload in Suricata

Last month we integrated hardware flow offload in PF_RING 7.0. This week Alfredo presented the integration of hardware flow offload with Suricata at Suricon 2017 and demonstrated that this technology can significantly reduce packet drops and CPU load. Below you can see how NetFlow traffic analysis and Suricata can both benefit from this work.

Hardware Flow Offload with Netflow

Hardware Flow Offload with Suricata

Should you be interested in reading the full story, these are the presentation slides. We remind you that the PF_RING source code is available on GitHub, where you can also find pfflow, a demo application that demonstrates flow offload.