Sonali Gupta wrote:
Observations: We find that the drop is related to HDD writes.
If there are no hard disk writes, then there is no drop even at 80 Mbps. We tested this by using a rule in snort which rarely matches, so that snort hardly logs any packets.
These two observations above lead me to suspect the hardware (more rightly, perhaps, a driver/kernel-related issue).
So, to summarize, we see packet drops in sniffing whenever there is disk I/O happening. We do not suspect the HDD of the machine, as we were able to simulate the problem in two other totally different systems also.
I am not sure which kernel RHEL ES Version 3 uses...
Chances are it's probably a conflict, but on multiple machines is really odd. Alternately try a recent kernel. Possibly something to do with the SATA controller... check for a kernel upgrade.
Not sure how feasible this is considering your hardware... try using another distro... just to check and verify the problem.
If the server is not live yet, perhaps you could dump in a recent stock kernel (2.6.12 is out) and see if you get the same problems?
Regards,
Erle