Hello, I searched the Hacker forum threads for mention of the Intel Hyperscan feature on the newer Intel CPU’s. It’s probably not on the DEV roadmap because VyOS wants to stay platform agnostic. However, I come from a background of playing with Suricata based IPS’s etc… I can speak for testing performance in IPS engines with and without Hyperscan. I saw a significant performance boost. I thought it might be worthy of mention. Might there ever be an install option where the hyperscan functionality might be enabled at the point of install?
Sorry, I only meant to imply the hyperscan functionality might prove useful in expediting certain route table lookups etc…it was built to take advantage of the ssse instruction set on intel CPU’s. I think it has lots of applications in the realm of SDN. That’s what I was really asking about. Thanks for getting back to me in any case.
I will suggest submit feature request, with detailed description of use cases
please grab account at https://phabricator.vyos.net and submit it to 1.2.x
Thank you for participation!
I’ll do a bit of digging for practical use cases where hyperscan can benefit vyOS. Then I’ll create a feature request for 1.2 as you suggested. And thanks for vyOS! I see it as a really beautiful feature rich alternative to enterprise routers. Guys like me really appreciate this stuff.
I wanted to follow up with a few questions in order to properly craft the feature request.
Hyperscan is basically a software library that speeds up tasks that make use of large-scale regex or literal matching.
I realize there are several components within vyOS.
Hi, hyperscan is definitely beneficial for performance in IDS/IPS scenarios. All the research I had done suggested that because of the way route lookups are implemented, it’s not a beneficial feature to speed up the lookups. I had somewhat abandoned the idea after looking into this further. I’ve dealt with IPS’s (Suricata) extensively. It’s super complex on its own. I really think it’s better off as a separate device/VM forsake of simplicity and maintaining the software in general.
