Re: iptables/cpu utilization

Linux Advanced Routing and Traffic Control

Suppose I forgot to say, this is with 2.6.6 kernel and a dual Xeon 2.8..
I also noticed another major problem is that NOTHING is set up for SMP..
NO matter how many packets I'm routing or filtering it ALWAYS USES ONE
CPU and it's ALWAYS SOFTIRQ that uses all the CPU usage.. It's driving
me crazy.. there has to be a bug somewhere that's causing cpu usage,
either that or the software is SO poorly written that 100,000 packets
per second bring the whole box to its knees.. it would be sad
and god no I'd never use conntrack.. even 10000 pps and conntrack dies a
horrible death.. what a nasty piece of code :)

On Fri, 2004-06-04 at 19:46, Kresimir Sparavec wrote:
> do you use connection tracking? if yes, then you could be in trouble,
> conntrack hashing doesn't perform well under load (with kernel 2.4)
> 
> 
> On Fri, Jun 04, 2004 at 07:07:09PM -0400, Paul wrote:
> > What in the WORLD is using so much CPU.. we are getting a denial of
> > service attack about 100,000 packets per second and the router is 100%
> > cpu, then when I do iptables -t mangle -I PREROUTING ..etc.. -j DROP to
> > match the packets and drop them the CPU drops to like 15% ... so my
> > question is 
> > #1. What in the world uses all that cpu simply routing packets in one
> > interface and out the other?
> > #2. What in the world uses 15% cpu simply blocking packets in the
> > prerouting chain? I'm using NAPI and e1000 so I don't see how it could
> > even possibly use 15% 
> > 
> > Any ideas on how to debug or find out what's causing this?
> > 
> > Thanks
> > 
> > _______________________________________________
> > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
