I recently tried out Suricata on my HP T620 Plus thin client.
I was amazed by how CPU hungry this piece of software is. My Down/Up speeds took a hit from 200/200 to 50/50 (granted, it is through a VPN).
I suppose I don’t really have a need to run Suricata on a home connection, but I started wondering. Is there a rule of thumb or any documentation about Suricata CPU vs throughput? Does it scale better with cores or frequency? What about dual sockets and NUMA nodes?
I started thinking about repurposing my old 4770K with 16GB of RAM as a firewall, but then my ISP rolled out some new 400/400, 600/600 and even 1G/1G (for crazy money) plans, and I started wondering what kind of hardware I would need for Suricata on the faster plans?
Edit: Forgot to mention, I was using the Suricata rules Lawrence Systems used in their video.