Suricata With Rte_flow: Improving the Performance of IPS an... - Adam Kiripolský & Eliška Červinková

Описание: Suricata With Rte_flow: Improving the Performance of IPS and IDS With Hardware Acceleration - Adam Kiripolský & Eliška Červinková, Cesnet

Intrusion Detection and Prevention Systems (IDS/IPS) play a vital role in securing modern-day networks. However, as network speeds increase, software-based IDS/IPS like Suricata need to evolve to sustain their high performance in these new high-speed environments. Our work aims to accelerate open-source Suricata IDS by utilizing the rte_flow API in DPDK.

By taking advantage of rte_flow, we improve performance through various optimizations, such as encapsulation stripping or filtering user-predefined traffic.

To support Suricata's bypass of undesired flows, e.g., elephant or encrypted flows, we have also looked into the dynamic insertion of rte_flow rules. The new rte_flow support in Suricata enhances Suricata's already existing software filtering capabilities by adding a prefiltration step directly to the network card.

We evaluated Suricata's performance with our project Suricata-CI, an open-source toolset capable of testing Suricata with different traffic profiles.

This talk demonstrates how hardware acceleration can enhance network analysis efficiency in high-speed environments, showcases tools used to test these features, and presents the results we have achieved.