Capture traffic in parallel from a single Network Interface Card

0

Any guidance on whether there are EC2s that support capturing traffic in parallel from a single Network Interface Card? I am building a packet capture/decoder that should support huge traffic, so I need to capture from a single interface in parallel and process in parallel. I am looking to apply some sort of RSS (receive side scaling)/fanout feature, and the OS has to be a Linux distribution. I tried on the free tier t3.micro but it does not support it. In my program, if I create multiple threads they all capture the same packet from the interface; that's why the interface itself should support passing in parallel to multiple CPU cores.

asked 2 years ago, 178 views
2 Answers
1

"Huge traffic" and "t3.micro" are not terms that go together. What does "huge" mean in this case? It's not a number and the term will mean different things to different people.

I'd note that for actual scale you shouldn't be sending traffic to a single instance; consider instead using a Network Load Balancer or maybe even a Gateway Load Balancer as a target. Ref: https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-targets.html

AWS
EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
0

Huge means a huge amount of traffic sent to the instance, such that the network card capture might be faster than the CPU reading from it; that's why we parallelize data from the network card to a number of CPUs. Anyway, thanks to the technical support, they guided me to the below solution from this link (https://github.com/amzn/amzn-drivers/blob/master/kernel/linux/ena/ENA_Linux_Best_Practices.rst#configuring-rss):

The ENA device supports RSS, and depending on the instance type, allows to configure the hash function, hash key and indirection table. Please note that hash function/key configuration is supported by the 5th generation network accelerated instances (c5n, m5n, r5n etc) and all 6th generation instances (c6gn, m6i etc). Also Linux kernel 5.9 or newer is required for hash function/key configuration support but the major Linux distributions ported the driver support to kernels older than v5.9 (For example Amazon Linux 2 supports it since kernel 4.14.209). You can also manually install GitHub driver v2.2.11g or newer to get this support if your instance doesn't come with it.

answered 2 years ago
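The software side of the fanout the question asks about, as an added example that is not code from either answer or from the ENA documentation: Linux `AF_PACKET` sockets that join one `PACKET_FANOUT` group each receive a disjoint share of the interface's packets instead of every socket seeing every packet. The interface name `eth0`, the worker count `NSOCK` and the helper names are assumptions for illustration.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/if.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define NSOCK 4 /* assumed worker count, normally one per CPU core */

/* PACKET_FANOUT value: group id in the low 16 bits, mode | flags in the high 16. */
unsigned int fanout_arg(unsigned int group_id, unsigned int mode, unsigned int flags) {
    return (group_id & 0xffffu) | ((mode | flags) << 16);
}
/* Open a raw socket bound to ifname and join the fanout group; returns -1 on error. */
int open_fanout_socket(const char *ifname, unsigned int group_id) {
    /* HASH keeps a flow on one socket; DEFRAG reassembles first so fragments follow it. */
    unsigned int arg = fanout_arg(group_id, PACKET_FANOUT_HASH, PACKET_FANOUT_FLAG_DEFRAG);
    struct sockaddr_ll ll;
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); /* needs CAP_NET_RAW */
    if (fd < 0) return -1;
    memset(&ll, 0, sizeof ll);
    ll.sll_family = AF_PACKET;
    ll.sll_protocol = htons(ETH_P_ALL);
    ll.sll_ifindex = (int)if_nametoindex(ifname);
    if (ll.sll_ifindex == 0 || bind(fd, (struct sockaddr *)&ll, sizeof ll) < 0 ||
        setsockopt(fd, SOL_PACKET, PACKET_FANOUT, &arg, sizeof arg) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv) {
    struct pollfd p[NSOCK];
    unsigned long count[NSOCK] = {0}, total = 0;
    char buf[2048];
    for (int i = 0; i < NSOCK; i++) {
        p[i].fd = open_fanout_socket(argc > 1 ? argv[1] : "eth0", (unsigned int)getpid());
        p[i].events = POLLIN;
        if (p[i].fd < 0) { perror("open_fanout_socket"); return 1; }
    }
    /* A real capturer hands each fd to its own thread; one poll loop shows the split. */
    while (total < 1000 && poll(p, NSOCK, -1) > 0)
        for (int i = 0; i < NSOCK; i++)
            if ((p[i].revents & POLLIN) && recv(p[i].fd, buf, sizeof buf, 0) > 0)
                count[i]++, total++;
    for (int i = 0; i < NSOCK; i++) printf("socket %d: %lu packets\n", i, count[i]);
    return 0;
}
```

Swapping `PACKET_FANOUT_HASH` for `PACKET_FANOUT_CPU` selects the socket by the CPU the packet arrived on, which lines the capture sockets up with the queue-to-core spread that RSS performs on the NIC.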
