Maximal speeds are interesting, but they arn't so very usefull from an operational standpoint. Rarely do real world networks operate at a devices' optimal performance zone.

Luckaly there is more information that just the maximum and minimums. Below is a table of graph pages for each of the configs used in this report.

But first lets take a look at a few interesting graphs.

ganamead/ir_wm_snort_inline.null/all.snmp.outofdut.lgraph.png
ganamead/ir_wm_snort_inline.null/all.snmp.outofdut.lgraph.png
This graph was taken from the second network configuration and using the snort_inline.null configuration.
From the average 200 bytes / pkt to 900 bytes per packet the performance of both devices is rather linear. The nonlinearity at < 200 bytes / pkt is due to the traffic generation becoming overworked and not being able to keep up.

ganamead/ir_wm_snort_inline.all_preproc/all.snmp.outofdut.lgraph.png
ganamead/ir_wm_snort_inline.all_preproc/all.snmp.outofdut.lgraph.png
This graph was taken from the second network configuration and using the snort_inline.all_preproc configuration.
After the preprocessors have had there say the shape of the curves have changed. The difference between the simple wgets and the mtu slid wgets is now visible, as well as the fact that the maximal packet rate is clearly an artifact of small packets.

ganamead/ir_wm_snort_inline.all/all.snmp.outofdut.lgraph.png
ganamead/ir_wm_snort_inline.all/all.snmp.outofdut.lgraph.png
This graph was taken from the second network configuration and using the snort_inline.all configuration.
When all the default snort_inline rules are added, several things become apparent. The first is that the perfromance difference between the intel and realtek is dereased to maybe 1 kpkt /sec. The next is that the smaller packets are back down to 10K/sec, and the slopes of the different traffic generation are different.

ganamead/ir_wm_snort_inline.bleeding/all.snmp.outofdut.lgraph.png
ganamead/ir_wm_snort_inline.bleeding/all.snmp.outofdut.lgraph.png
This graph was taken from the second network configuration and using the snort_inline.bleeding configuration.
It is interesting to note that the maximal packet rate and bit rate of this config is similar to the default inline_snort config. One difference is that the slope of the simple wget traffic generation is more negative. This could be an indication that teh cost of a new http connection is greater for the bleeding-all rules than for the default config file.

By comparing both the different configurations and the differeing results we can start to see differing trends, as well as examine the cost of a config option across the entire range of average packet sizes.

Other Observations

• both cards drop packets without reporting that fact {add link to discussion}
• The interupt mitigation code for the intel seems to kick in at about 6000 packets/sec {dito}