Low speeds and TLS Engine Errors

So I've just started using this and am a bit unsure how "FastPath" works exactly and I'll drill into some specifics.

I'm testing this on a gigabit (1Gb/940Mb) connection in both a Virtual Machine and on a custom desktop using the 'SW' package.

VM (VMware) = 

CPU: Xeon E5-2690 @ 2.9GHz (4 Cores Allocated)

RAM: 6GB

-----

SW Appliance =

CPU: Pentium G2020 @ 2.9GHz - 2 Cores

RAM: 6GB

-----

Speeds --

On v17.5 I was hitting about 700Mbps down and 280Mbps Up as Snort on the VM was using a single instance (single thread) and running at 99% during the test. When upgraded to v18 EAP, I'm getting about 150Mbps down and 200Mbps up with still a single Snort instance running at 99%

 

On this custom build box next to me with it running, i got about 550Mbps/550Mbps and saw two instances of Snort running up above 90% (one per core I'm guessing) Multiple instances only ran when a multi-connection test was running

 

At one point during the tests I saw Snort on the custom box rise up then drop down to about 2-5% usage after the first few seconds while the test was running. I may have thought this was 'FastPath' behavior but am unsure.

 

TLS Inspection -- I've been really impressed with this so far and It's going to be really usefull. I'm just pretty much noting a few errors I has while running it. Some applications were encountering errors (downloaders, etc...) and the logs showed "Dropped due to TLS engine error"

Further information I have on "Dropped due to TLS engine error" (Example being discord here in the logs but there were a lot of these for other sites):

  • profile_name="Maximum compatibility"
  • bitmask=""
  • key_type="KEY_TYPE__UNKNOWN"
  • fingerprint=""
  • session="0"
  • cert_chain_served="TRUE"
  • cipher_suite="TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
  • sni="discordapp.com"
  • tls_version="TLS version - 1.2"
  • reason="Dropped due to TLS engine error"
  • exception=""
  • message=""

It's not much of a problem as many of the apps that may complain about the TLS drops are easily excluded using the new tools :)