doc: high performance config

9 years ago · 2354987171
parent ab69c93a28
commit 2354987171
3 changed files with 79 additions and 0 deletions
--- a/doc/sphinx/index.rst
+++ b/doc/sphinx/index.rst
@ -11,3 +11,4 @@ Suricata User Guide
   rules/index.rst
   oinkmaster
   make-sense-alerts
+   performance/index.rst
--- a/doc/sphinx/performance/high-performance-config.rst
+++ b/doc/sphinx/performance/high-performance-config.rst
@ -0,0 +1,72 @@
+High Performance Configuration
+==============================
+
+If you have enough RAM, consider the following options in
+suricata.yaml to off-load as much work from the CPU's as possible:
+
+::
+
+  detect-engine:
+    - profile: medium
+    - custom-values:
+        toclient-src-groups: 200
+        toclient-dst-groups: 200
+        toclient-sp-groups: 200
+        toclient-dp-groups: 300
+        toserver-src-groups: 200
+        toserver-dst-groups: 400
+        toserver-sp-groups: 200
+        toserver-dp-groups: 200
+    - sgh-mpm-context: auto
+    - inspection-recursion-limit: 3000
+
+Be advised, however, that this will require >= 32 GB of RAM for even
+modestly sized rule sets.  Also be aware that having additional CPU's
+available provides a greater performance boost than having more RAM
+available.  That is, it would be better to spend money on CPU's
+instead of RAM when configuring a system.
+
+As a rough benchmark, in an HTTP-rich traffic stream, the full
+Emerging Threats rule set will require roughly one CPU per 50 Mb/sec
+of traffic when using "low" memory settings and using PF_RING to
+ensure there are no traffic drops.
+
+Here are the build in values for LOW/MEDIUM/HIGH profiles:
+
+::
+
+
+  ENGINE_PROFILE_LOW:
+        toclient-src-groups: 2
+        toclient-dst-groups: 2
+        toclient-sp-groups: 2
+        toclient-dp-groups: 3
+        toserver-src-groups: 2
+        toserver-dst-groups: 4
+        toserver-sp-groups: 2
+        toserver-dp-groups: 25
+
+  ENGINE_PROFILE_HIGH:
+        toclient-src-groups: 15
+        toclient-dst-groups: 15
+        toclient-sp-groups: 15
+        toclient-dp-groups: 20
+        toserver-src-groups: 15
+        toserver-dst-groups: 15
+        toserver-sp-groups: 15
+        toserver-dp-groups: 40
+
+If not provided:
+
+::
+
+
+  default and MEDIUM profiles:
+        toclient-src-groups: 4
+        toclient-dst-groups: 4
+        toclient-sp-groups: 4
+        toclient-dp-groups: 6
+        toserver-src-groups: 4
+        toserver-dst-groups: 8
+        toserver-sp-groups: 4
+        toserver-dp-groups: 30
--- a/doc/sphinx/performance/index.rst
+++ b/doc/sphinx/performance/index.rst
@ -0,0 +1,6 @@
+Performance
+===========
+
+.. toctree::
+
+   high-performance-config