[foxroot]

добырй день! Подскажите решение одной проблемы

 

есть NETflow сенсор на centos

Localhost 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17 01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

 

 

modinfo ipt_NETFLOW

filename: /lib/modules/2.6.32-504.3.3.el6.x86_64/extra/ipt_NETFLOW.ko

alias: ip6t_NETFLOW

version: 2.2

description: iptables NETFLOW target module

author: <abc@telekom.ru>

license: GPL

srcversion: ECDD053FB28D2E5A9910D50

depends:

vermagic: 2.6.32-504.3.3.el6.x86_64 SMP mod_unload modversions

parm: destination:export destination ipaddress:port (charp)

parm: inactive_timeout:inactive flows timeout in seconds (int)

parm: active_timeout:active flows timeout in seconds (int)

parm: exportcpu:lock exporter to this cpu (int)

parm: promisc:enable promisc hack (0=default, 1) (int)

parm: debug:debug verbosity level (int)

parm: sndbuf:udp socket SNDBUF size (int)

parm: protocol:netflow protocol version (5, 9, 10=IPFIX) (int)

parm: refresh_rate:NetFlow v9/IPFIX refresh rate (packets) (uint)

parm: timeout_rate:NetFlow v9/IPFIX timeout rate (minutes) (uint)

parm: scan_min:Minimal interval between export scans (jiffies) (uint)

parm: hashsize:hash table size (int)

parm: maxflows:maximum number of flows (int)

 

 

Netlow формируется за чет правила iptables и использование promisc

 

 

В процессе работы обнаружилась неравномерная загрузка ядер проца. подскажите что можно предпринять в таком случае? может у кого была такая проблема?

 

 

Cpu0 : 0.3%us, 0.7%sy, 0.0%ni, 95.3%id, 0.7%wa, 0.3%hi, 2.7%si, 0.0%st

Cpu1 : 0.3%us, 0.7%sy, 0.0%ni, 96.0%id, 0.0%wa, 0.0%hi, 3.0%si, 0.0%st

Cpu2 : 0.0%us, 0.3%sy, 0.0%ni, 96.7%id, 0.0%wa, 0.0%hi, 3.0%si, 0.0%st

Cpu3 : 0.3%us, 0.7%sy, 0.0%ni, 67.6%id, 0.0%wa, 0.0%hi, 31.4%si, 0.0%st

Cpu4 : 0.3%us, 0.3%sy, 0.0%ni, 95.3%id, 0.0%wa, 0.0%hi, 4.0%si, 0.0%st

Cpu5 : 0.3%us, 0.3%sy, 0.0%ni, 96.0%id, 0.0%wa, 0.0%hi, 3.3%si, 0.0%st

Cpu6 : 0.0%us, 1.3%sy, 0.0%ni, 94.9%id, 0.0%wa, 0.0%hi, 3.7%si, 0.0%st

Cpu7 : 0.3%us, 1.0%sy, 0.0%ni, 93.9%id, 0.0%wa, 0.0%hi, 4.7%si, 0.0%st

 

 

cat /proc/net/stat/ipt_netflow

ipt_NETFLOW 2.2, srcversion ECDD053FB28D2E5A9910D50; llist promisc

Protocol version 5 (netflow)

Timeouts: active 1800s, inactive 15s. Maxflows 2000000

Promisc hack is enabled (observed 37956389 packets, discarded 0).

Flows: active 34844 (peak 38126 reached 0d0h4m ago), mem 4963K, worker delay 10/1000 [1..100] (2 ms, 0 us, 297:0 0 [cpu7]).

Hash: size 8192 (mem 64K), metric 4.43 [4.22, 3.62, 2.27]. InHash: 15644122 pkt, 18672554 K, InPDU 13, 18869.

Rate: 1069558386 bits/sec, 91144 packets/sec; Avg 1 min: 1069093814 bps, 93585 pps; 5 min: 955211241 bps, 83592 pps

cpu# pps; <search found new [metric], trunc frag alloc maxflows>, traffic: <pkt, bytes>, drop: <pkt, bytes>

Total 91142; 100500579 31426778 635176 [4.13], 0 0 0 0, traffic: 32061954, 43698 MB, drop: 0, 0 K

cpu0 7982; 8241697 2572569 59113 [3.98], 0 0 0 0, traffic: 2631682, 3805 MB, drop: 0, 0 K

cpu1 8215; 7196824 2257461 50771 [4.02], 0 0 0 0, traffic: 2308232, 3584 MB, drop: 0, 0 K

cpu2 10871; 8650541 2957780 66165 [4.01], 0 0 0 0, traffic: 3023945, 4490 MB, drop: 0, 0 K

cpu3 0; 32093420 10072797 200024 [4.13], 0 0 0 0, traffic: 10272821, 13898 MB, drop: 0, 0 K

cpu4 12118; 8948499 3059042 62305 [4.07], 0 0 0 0, traffic: 3121347, 4225 MB, drop: 0, 0 K

cpu5 9385; 10420638 2889263 56093 [4.31], 0 0 0 0, traffic: 2945356, 3947 MB, drop: 0, 0 K

cpu6 19913; 12158354 3713558 57005 [4.51], 0 0 0 0, traffic: 3770563, 3851 MB, drop: 0, 0 K

cpu7 22658; 12790608 3904309 83700 [4.14], 0 0 0 0, traffic: 3988009, 5895 MB, drop: 0, 0 K

Export: Rate 87840 bytes/s; Total 20011 pkts, 27 MB, 600330 flows; Errors 0 pkts; Traffic lost 0 pkts, 0 Kbytes, 0 flows.

[foxroot]

иногда бывает вот что.

cat /proc/net/stat/ipt_netflow

ipt_NETFLOW 2.2, srcversion ECDD053FB28D2E5A9910D50; llist promisc

Protocol version 5 (netflow)

Timeouts: active 1800s, inactive 15s. Maxflows 2000000

Promisc hack is enabled (observed 283409144 packets, discarded 0).

Flows: active 32490 (peak 38126 reached 0d0h49m ago), mem 5818K, worker delay 10/1000 [1..100] (9 ms, 0 us, 293:0 0 [cpu5]).

Hash: size 160000 (mem 1250K), metric 1.11 [1.09, 1.08, 1.08]. InHash: 42153118 pkt, 35739622 K, InPDU 12, 1914.

Rate: 1117118772 bits/sec, 104492 packets/sec; Avg 1 min: 1063359694 bps, 102934 pps; 5 min: 1054982312 bps, 100460 pps

cpu# pps; <search found new [metric], trunc frag alloc maxflows>, traffic: <pkt, bytes>, drop: <pkt, bytes>

Total 104492; 534251830 272036053 5475934 [2.92], 0 0 0 0, traffic: 277511987, 382314 MB, drop: 0, 0 K

cpu0 0; 38207292 18938989 426305 [1.12], 0 0 0 0, traffic: 19365294, 29355 MB, drop: 0, 0 K

cpu1 0; 40323947 19770933 414887 [1.15], 0 0 0 0, traffic: 20185820, 31214 MB, drop: 0, 0 K

cpu2 0; 41285621 29299820 425448 [1.03], 0 0 0 0, traffic: 29725268, 30989 MB, drop: 0, 0 K

cpu3 104492; 207548442 107275942 2135197 [1.09], 0 0 0 0, traffic: 109411139, 150164 MB, drop: 0, 0 K

cpu4 0; 39588883 18866478 426961 [1.08], 0 0 0 0, traffic: 19293439, 27506 MB, drop: 0, 0 K

cpu5 0; 43608414 19996856 425095 [1.08], 0 0 0 0, traffic: 20421951, 29603 MB, drop: 0, 0 K

cpu6 0; 51433549 22513450 422881 [1.17], 0 0 0 0, traffic: 22936331, 29881 MB, drop: 0, 0 K

cpu7 0; 72255682 35373586 799160 [1.11], 0 0 0 0, traffic: 36172746, 53598 MB, drop: 0, 0 K

Export: Rate 84912 bytes/s; Total 181448 pkts, 253 MB, 5443440 flows; Errors 0 pkts; Traffic lost 0 pkts, 0 Kbytes, 0 flows.

 

pps только на одно ядроб почем так?

[boco]

sysctl net.netflow.scan-min=100 ?

[Igor Diakonov]

cat /proc/interrupts