Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 21 replies
  • Subscribers 0 subscribers
  • Views 10388 views
  • Users 0 members are here
Options
Suggested

[9.171][BUG] poor performance due to 'ondemand' CPU scaling governor

BarryG
Hi, I did some testing on my new i5 system, and found that the default CPU scaling governor,  'ondemand', results in a loss of about 60% in IPS throughput vs the 'performance' governor, with no significant power consumption difference.

The Linux kernel devs recommend using 'performance' for all Ivy Bridge, Sandy Bridge, and Haswell generation CPUs until the kernel is upgraded to a newer version (3.10+):
https://plus.google.com/+TheodoreTso/posts/2vEekAsG2QT

Please change the default, or make it easier for the user to do so, or upgrade to a 3.10 or newer kernel, which replaces the old governor system.

Thank you,
Barry
Parents
  • 0
    I just tested with engine=suricata, but put it back to engine=snort.
    After a couple of minutes I wasn't able to browse any website anymore. Upon switching back to snort, I immediately could open all websites again.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Reply
  • 0
    I just tested with engine=suricata, but put it back to engine=snort.
    After a couple of minutes I wasn't able to browse any website anymore. Upon switching back to snort, I immediately could open all websites again.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Children
  • 0 in reply to apijnappels
    I just tested with engine=suricata, but put it back to engine=snort.
    After a couple of minutes I wasn't able to browse any website anymore. Upon switching back to snort, I immediately could open all websites again.


    Hi,

    Tries it today and got the same result. Is there something else im not doing right? Somethings that needs to be restarted as well?

    Regards
    Frank
Unfiltered HTML