Low speeds and TLS Engine Errors

So I've just started using this and am a bit unsure how "FastPath" works exactly and I'll drill into some specifics.

I'm testing this on a gigabit (1Gb/940Mb) connection in both a Virtual Machine and on a custom desktop using the 'SW' package.

VM (VMware) = 

CPU: Xeon E5-2690 @ 2.9GHz (4 Cores Allocated)

RAM: 6GB

-----

SW Appliance =

CPU: Pentium G2020 @ 2.9GHz - 2 Cores

RAM: 6GB

-----

Speeds --

On v17.5 I was hitting about 700Mbps down and 280Mbps up, as Snort on the VM was using a single instance (single thread) and running at 99% during the test. When upgraded to v18 EAP, I'm getting about 150Mbps down and 200Mbps up, with still a single Snort instance running at 99%.

On this custom build box next to me with it running, I got about 550Mbps/550Mbps and saw two instances of Snort running up above 90% (one per core, I'm guessing). Multiple instances only ran when a multi-connection test was running.

At one point during the tests I saw Snort on the custom box rise up, then drop down to about 2-5% usage after the first few seconds while the test was running. I may have thought this was 'FastPath' behavior but am unsure.

TLS Inspection -- I've been really impressed with this so far and it's going to be really useful. I'm just pretty much noting a few errors I had while running it. Some applications were encountering errors (downloaders, etc...) and the logs showed "Dropped due to TLS engine error".

Further information I have on "Dropped due to TLS engine error" (the example here in the logs is Discord, but there were a lot of these for other sites):

  • profile_name="Maximum compatibility"
  • bitmask=""
  • key_type="KEY_TYPE__UNKNOWN"
  • fingerprint=""
  • session="0"
  • cert_chain_served="TRUE"
  • cipher_suite="TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
  • sni="discordapp.com"
  • tls_version="TLS version - 1.2"
  • reason="Dropped due to TLS engine error"
  • exception=""
  • message=""

It's not much of a problem as many of the apps that may complain about the TLS drops are easily excluded using the new tools :)
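To see which hosts are behind these drops before deciding on exclusions, here is an added example (not from the original post or from the vendor) that parses Sophos-style `key="value"` log lines like the one quoted above and tallies TLS-engine drops per SNI. The sample log is constructed: the first two lines mirror the fields in the post, the rest use invented hostnames.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log. Line 1 and 2 reproduce the fields quoted in the post;
# lines 3 and 4 are made-up entries (one of them a successfully decrypted flow).
SAMPLE_LOG = '''\
profile_name="Maximum compatibility" bitmask="" key_type="KEY_TYPE__UNKNOWN" fingerprint="" session="0" cert_chain_served="TRUE" cipher_suite="TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" sni="discordapp.com" tls_version="TLS version - 1.2" reason="Dropped due to TLS engine error" exception="" message=""
profile_name="Maximum compatibility" bitmask="" key_type="KEY_TYPE__UNKNOWN" fingerprint="" session="0" cert_chain_served="TRUE" cipher_suite="TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" sni="discordapp.com" tls_version="TLS version - 1.2" reason="Dropped due to TLS engine error" exception="" message=""
profile_name="Maximum compatibility" bitmask="" key_type="KEY_TYPE__UNKNOWN" fingerprint="" session="0" cert_chain_served="TRUE" cipher_suite="TLS_AES_256_GCM_SHA384" sni="example.invalid" tls_version="TLS version - 1.3" reason="Dropped due to TLS engine error" exception="" message=""
profile_name="Maximum compatibility" bitmask="" key_type="KEY_TYPE__UNKNOWN" fingerprint="" session="0" cert_chain_served="TRUE" cipher_suite="TLS_AES_128_GCM_SHA256" sni="updates.example.invalid" tls_version="TLS version - 1.3" reason="Decrypted" exception="" message=""
'''

# key="value" pairs; values may contain spaces (e.g. "Maximum compatibility"),
# so splitting on whitespace would break them. Empty values ("") are allowed.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key/value fields of one log line as a dict."""
    return dict(FIELD_RE.findall(line))

def engine_error_drops(log_text, reason="Dropped due to TLS engine error"):
    """Count drops with the given reason per SNI, recording cipher suites seen.

    Returns {sni: {"count": n, "cipher_suites": [...]}} ordered by count,
    most frequent first, so the noisiest hosts surface at the top.
    """
    counts = Counter()
    suites = defaultdict(set)
    for raw in log_text.splitlines():
        fields = parse_line(raw)
        if fields.get("reason") != reason:
            continue
        # A client that sends no SNI cannot be keyed by hostname; bucket it.
        sni = fields.get("sni") or "<no SNI>"
        counts[sni] += 1
        if fields.get("cipher_suite"):
            suites[sni].add(fields["cipher_suite"])
    return {sni: {"count": n, "cipher_suites": sorted(suites[sni])}
            for sni, n in counts.most_common()}

if __name__ == "__main__":
    for sni, info in engine_error_drops(SAMPLE_LOG).items():
        print(f"{info['count']:4d}  {sni}  {', '.join(info['cipher_suites'])}")
```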

Thanks for the feedback. Regarding the SSL/TLS issues - I'm really pleased to hear that overall it's been performing well for you.

It is unavoidable that some applications will encounter problems and not accept the replacement certificates that we create to allow us to decrypt and re-encrypt the content. Our goal is to make this kind of thing easier to track down and deal with - we hope in future releases to further automate this process.

For now, we are aware of a number of outstanding issues where error messages are not as useful as they should be. One of these areas is where connections are established then quickly rejected by clients - usually because of certificate validation errors. Discord's client is certainly one that we've seen doesn't like being intercepted.

Look for things to improve on the logging front in upcoming updates.
