So I've just started using this and am a bit unsure how "FastPath" works exactly and I'll drill into some specifics.
I'm testing this on a gigabit (1Gb/940Mb) connection in both a Virtual Machine and on a custom desktop using the 'SW' package.
VM (VMware) =
CPU: Xeon E5-2690 @ 2.9GHz (4 Cores Allocated)
RAM: 6GB
-----
SW Appliance =
CPU: Pentium G2020 @ 2.9GHz - 2 Cores
RAM: 6GB
-----
Speeds --
On v17.5 I was hitting about 700Mbps down and 280Mbps Up as Snort on the VM was using a single instance (single thread) and running at 99% during the test. When upgraded to v18 EAP, I'm getting about 150Mbps down and 200Mbps up with still a single Snort instance running at 99%
On this custom build box next to me with it running, i got about 550Mbps/550Mbps and saw two instances of Snort running up above 90% (one per core I'm guessing) Multiple instances only ran when a multi-connection test was running
At one point during the tests I saw Snort on the custom box rise up then drop down to about 2-5% usage after the first few seconds while the test was running. I may have thought this was 'FastPath' behavior but am unsure.
TLS Inspection -- I've been really impressed with this so far and It's going to be really usefull. I'm just pretty much noting a few errors I has while running it. Some applications were encountering errors (downloaders, etc...) and the logs showed "Dropped due to TLS engine error"
Further information I have on "Dropped due to TLS engine error" (Example being discord here in the logs but there were a lot of these for other sites):
- profile_name="Maximum compatibility"
- bitmask=""
- key_type="KEY_TYPE__UNKNOWN"
- fingerprint=""
- session="0"
- cert_chain_served="TRUE"
- cipher_suite="TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
- sni="discordapp.com"
- tls_version="TLS version - 1.2"
- reason="Dropped due to TLS engine error"
- exception=""
- message=""
It's not much of a problem as many of the apps that may complain about the TLS drops are easily excluded using the new tools :)