2017-06-28 12:23 GMT+02:00 Florian Westphal <fw@xxxxxxxxx>:
> Bjørnar Ness <bjornar.ness@xxxxxxxxx> wrote:
>> 2017-06-26 15:16 GMT+02:00 Florian Westphal <fw@xxxxxxxxx>:
>> > perf top might help pinpoint the source.
>
> Leaving this here, this info would help.
>
>> > What kernel is this, exactly?
>> >
>> > 4.10 (and 4.9.14 and later) has a change to make gc worker use less
>> > cycles.
>>
>> We see the behavior in 4.11.0 and 4.12.0-rc6 as well
>>
>> > But I don't see the NAT connection.
>>
>> Not sure what you mean here. We do not need to have rules in the
>> postrouting chain for it to tear down the server.
>
> I mean that presence of NAT postrouting hook has, to the best of my
> knowledge, no effect on the ct gc worker.
>
> But perhaps this isn't the gc worker after all, perf top would help.

I will give it a go next week, but as this is in production, it's not
ideal to use for testing..

> The only effect that the postrouting hook has is bringing rhashtables
> 'rhlist' interface into the mix, as we use that for the nat bysource
> table.
>
>> Monitoring conntrack entries also shows me
>> this is stable around 120k
>
> What does that mean?
> Do you mean you run into problems after 120k entries?

No, I mean when I watch conntrack entries, I do not see a sudden
increase/climb, it was more or less stable at ~120k entries.

--
Bjørnar