Hello,

Well hopefully today or tomorrow we will be completely isolating that part of the network and moving it onto its own network which is not physically connected to the internal LAN.

Michael.

On Wed, 18 Aug 2004 07:57:51 -0400
"Jason Opperisano" <Jopperisano@xxxxxxxxxxxxxxxx> wrote:

> > We seem to have a problem with multi-cast packets, our development team was testing some kind of load balancer
> > which is causing about 100 packets a second to be sent out continuously:
> >
> > 05:35:44.864029 IP X.X.X.9128 > 230.0.0.1.9128: UDP, length: 1000
> >
> > So this drives up the network card IRQ request I believe using anywhere from 10%-80% of the CPU:
> >
> > 4 root 19 19 0 0 0 SWN 17.1 0.0 225:28 1 ksoftirqd_CPU1
> > 3 root 19 19 0 0 0 SWN 14.5 0.0 228:31 0 ksoftirqd_CPU0
> >
> > So I thought about adding in an iptables rule to block all the traffic but it is not working. I have added the
> > following rules without effect:
> >
> > iptables -I INPUT -i eth1 -s X.X.X.X -j DROP
> > iptables -I FORWARD -i eth1 -s X.X.X.X -j DROP
> >
> > I never see the byte counters increment at all .. they are staying at zero ??
>
> maybe:
>
> iptables -I INPUT -i eth1 -d 230.0.0.1 -j DROP
>
> or:
>
> iptables -I INPUT -m pkttype --pkt-type multicast -j DROP
>
> this won't necessarily help your problem of the packets chewing up IRQ requests, as the packets are still being
> received by the NIC and passed up the stack. maybe you need a screening firewall for your firewall?
>
> -j

--
Michael Gale
Network Administrator
Utilitran Corporation
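To confirm which sender and multicast group account for a flood like the one in this thread before choosing a match for a DROP rule, the tcpdump output can be summarised per group. This is an added example and not part of the original thread; the source address 192.0.2.10, the capture lines and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches tcpdump lines of the form shown in the thread:
# 05:35:44.864029 IP <src>.<sport> > <dst>.<dport>: UDP, length: 1000
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) IP "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length:? (\d+)"
)

def parse(line):
    """Return (timestamp_us, src, dst, dport), or None for lines that do not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    h, mi, s, us = (int(x) for x in m.group(1, 2, 3, 4))
    return ((h * 60 + mi) * 60 + s) * 1_000_000 + us, m.group(5), m.group(7), int(m.group(8))

def multicast_rates(lines):
    """Map (src, group, dport) -> (packets, packets per second), multicast destinations only."""
    seen = defaultdict(list)
    for line in lines:
        p = parse(line)
        if p and ipaddress.ip_address(p[2]).is_multicast:  # destination in 224.0.0.0/4
            seen[p[1:]].append(p[0])
    rates = {}
    for key, stamps in seen.items():
        span_us = max(stamps) - min(stamps)
        pps = (len(stamps) - 1) * 1_000_000 / span_us if span_us else 0.0
        rates[key] = (len(stamps), pps)
    return rates

def constructed_capture():
    """Constructed sample: 101 packets 10 ms apart to 230.0.0.1, plus one unicast line and noise."""
    start = ((5 * 60 + 35) * 60 + 44) * 1_000_000 + 864029
    lines = []
    for i in range(101):
        sec, us = divmod(start + i * 10_000, 1_000_000)
        h, rem = divmod(sec, 3600)
        lines.append("%02d:%02d:%02d.%06d IP 192.0.2.10.9128 > 230.0.0.1.9128: UDP, length: 1000"
                     % (h, rem // 60, rem % 60, us))
    lines.append("05:35:45.000000 IP 192.0.2.10.4000 > 192.0.2.20.53: UDP, length: 40")
    lines.append("tcpdump: listening on eth1")
    return lines

if __name__ == "__main__":
    for (src, group, dport), (count, pps) in multicast_rates(constructed_capture()).items():
        print(f"{src} -> {group}:{dport}  {count} packets, {pps:.0f} pkt/s")
```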