Optimization of network interface settings for the Sensor component

Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

Installing and performing initial configuration of the application

Optimization of network interface settings for the Sensor component

April 2, 2024

ID 266301

Follow these instructions if the application encounters network packet loss or performance issues when processing network traffic.

To reduce network packet loss and incomplete extraction of files from traffic:

Specify the maximum number of RSS queues:
- If the data transfer rate on your network is less than 1 Gbps, set the number to 1.
- If the data transfer rate on your network is greater than 1 Gbps, set the number to 16.
If your network interface does not allow setting the maximum number of RSS queues to 16, set it to the maximum supported number.
Configure symmetric RSS hashing for the network interface. For details on configuring RSS hashing, refer to the vendor documentation of your network adapter.
Create an interrupts.sh file with the following content.
#!/usr/bin/env bash

set -e

dev=$1
min_cpu=$2
max_cpu=$3
step=$4

irs=($(cat /proc/interrupts | grep "$dev" | awk '{split($1,a,":"); print a[1]}'))

cpu=$min_cpu
for ir in ${irs[@]}; do
echo $cpu > /proc/irq/$ir/smp_affinity_list
cpu=$(((cpu + step) % max_cpu))
cat "/proc/irq/$ir/smp_affinity_list"
done
Run the following command:
sudo bash interrupts.sh <dev> <min_cpu> <max_cpu> <step>, where
- <dev> is the network interface whose interrupts you want to distribute among cores.
- <min_cpu> is the first core in the range for network adapter interrupt distribution.
- <max_cpu> is the last core in the range for network adapter interrupt distribution.
- <step>is the increment for picking the next core to assign to interrupts.
  
  Example:
  
  sudo bash interrupts.sh ens192 2 11 1
If you are using NVIDIA Mellanox network adapters (mlx4), configure the number of RSS queues and RSS hashing by running the following commands:
ethtool -L $dev rx 16

ethtool -X $dev equal 16

ethtool -X $dev hfunc xor
If you are using Intel network adapters (i40e), configure the number of RSS queues and RSS hashing:
rmmod i40e && modprobe i40e

ifconfig $dev down

ethtool -L $dev combined 16

ethtool -K $dev rxhash on

ethtool -K $dev ntuple on

ifconfig $dev up

ethtool -X $dev hkey 6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:

5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A:6D:5A equal 16

ethtool -A $dev rx off

ethtool -C $dev adaptive-rx off adaptive-tx off rx-usecs 125

ethtool -G $dev rx 1024

ethtool -N $dev rx-flow-hash tcp4 sdfn

ethtool -N $dev rx-flow-hash tcp6 sdfn

ethtool -N $dev rx-flow-hash udp4 sdfn

ethtool -N $dev rx-flow-hash udp6 sdfn

The network interfaces are configured.

After restarting the application, you must reconfigure the network interfaces following the instructions.

Kaspersky Professional Services

Implementation services. Health check and security system configuration. Contact us if you need expert help.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.