How to measure CPU usage of netfilter

Linux Netfilter discussions
 help / color / mirror / Atom feed

* How to measure CPU usage of netfilter
@ 2006-11-21  0:40 Mohammad Farooq
  2006-11-21  1:10 ` Mike Williams
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Mohammad Farooq @ 2006-11-21  0:40 UTC (permalink / raw)
  To: netfilter

Hi Guys,

  I have about 1000 rules in the iptables. All these rules just forward 
the incoming traffic to other systems. I am trying to measure CPU usage 
of the netfilter. I tried to measure with top command but some how it 
always shows that CPU is 95% idle. I am not sure if top is the 
appropriate command to measure CPU usage of the netfilter. Since all the 
filtering is happening inside the kernel there should be some other command to 
measure kernel's CPU usage. I would appreciate if someone can point to 
the right direction. Thanks.

  mf

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: How to measure CPU usage of netfilter
  2006-11-21  0:40 How to measure CPU usage of netfilter Mohammad Farooq
@ 2006-11-21  1:10 ` Mike Williams
  2006-11-21 10:08 ` load balancing multiple isp ArioS
  2006-11-23  2:45 ` How to measure CPU usage of netfilter Yakov Lerner
  2 siblings, 0 replies; 5+ messages in thread
From: Mike Williams @ 2006-11-21  1:10 UTC (permalink / raw)
  To: netfilter

On Tuesday 21 November 2006 00:40, Mohammad Farooq wrote:
> Hi Guys,
>
>   I have about 1000 rules in the iptables. All these rules just forward
> the incoming traffic to other systems. I am trying to measure CPU usage
> of the netfilter. I tried to measure with top command but some how it
> always shows that CPU is 95% idle. I am not sure if top is the
> appropriate command to measure CPU usage of the netfilter. Since all the
> filtering is happening inside the kernel there should be some other command
> to measure kernel's CPU usage. I would appreciate if someone can point to
> the right direction. Thanks.

While I don't know if there is a "right way", 5% is probably about right, even 
taking into account the top overhead.
I have a fairly complex iptable setup on a PIII 800 pushing over 40Mbps of 
mostly web traffic, NATting it to a varity of webservers on 2 different 
physical networks. Conntrack gets upto and over 60000. The busiest webserver 
handles in excess of 300 requests a second coming through the firewall.
We've just passed peak usage and the CPU usage averaged a little over 20% over 
the period, according to the nice rrdtool graphs cacti generates for me from 
snmp.

I'm also using ulogd to log dropped packets. CPU usage can average ~40% higher 
if that gets too large, or fills the disk (which it's done a couple times). I 
should turn it off really...

-- 
Mike Williams

-- 
Mike Williams

^ permalink raw reply	[flat|nested] 5+ messages in thread

* load balancing multiple isp
  2006-11-21  0:40 How to measure CPU usage of netfilter Mohammad Farooq
  2006-11-21  1:10 ` Mike Williams
@ 2006-11-21 10:08 ` ArioS
  2006-11-21 15:27   ` Taylor, Grant
  2006-11-23  2:45 ` How to measure CPU usage of netfilter Yakov Lerner
  2 siblings, 1 reply; 5+ messages in thread
From: ArioS @ 2006-11-21 10:08 UTC (permalink / raw)
  To: netfilter

Dear,

anyone have experience bout load balancing on multiple isp ? i have 3 
connection from different isp (A = 64kb , B = 128kb , C = 128kb). howto mix 
these 3 isp into 1 virtually.. so if bw on ISP A is lacked then the 
connection will move to ISP B. currently i did manual route for specific 
network to specific ISP... it really hard to balance it with manual route. 
any clue ? 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: load balancing multiple isp
  2006-11-21 10:08 ` load balancing multiple isp ArioS
@ 2006-11-21 15:27   ` Taylor, Grant
  0 siblings, 0 replies; 5+ messages in thread
From: Taylor, Grant @ 2006-11-21 15:27 UTC (permalink / raw)
  To: ArioS; +Cc: netfilter

ArioS wrote:
> anyone have experience bout load balancing on multiple isp ? i have 3 
> connection from different isp (A = 64kb , B = 128kb , C = 128kb). howto 
> mix these 3 isp into 1 virtually.. so if bw on ISP A is lacked then the 
> connection will move to ISP B. currently i did manual route for specific 
> network to specific ISP... it really hard to balance it with manual 
> route. any clue ?

Look in to the "--next-hop" "ip route" command option.  I think you will 
find what you are looking for in the fact that you can have multiple next hops.

Something to keep in mind is that if you are NATing each ISP connection, you 
can not have a stream migrate from one ISP to another b/c you will break 
connection state on your end, or even if your end could handle it, the 
server you are connecting to would flip out.  From the server's point of 
view, it would be talking to Bob and Bob would stop mid sentence and Tom 
would start where Bob left of with out the ability to correlate what Bob and 
Tom were saying in to one coherent stream.

Grant. . . .

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: How to measure CPU usage of netfilter
  2006-11-21  0:40 How to measure CPU usage of netfilter Mohammad Farooq
  2006-11-21  1:10 ` Mike Williams
  2006-11-21 10:08 ` load balancing multiple isp ArioS
@ 2006-11-23  2:45 ` Yakov Lerner
  2 siblings, 0 replies; 5+ messages in thread
From: Yakov Lerner @ 2006-11-23  2:45 UTC (permalink / raw)
  To: Mohammad Farooq; +Cc: netfilter

On 11/21/06, Mohammad Farooq <mohammadfarooq@tango-networks.com> wrote:
>   I have about 1000 rules in the iptables. All these rules just forward
> the incoming traffic to other systems. I am trying to measure CPU usage
> of the netfilter. I tried to measure with top command but some how it
> always shows that CPU is 95% idle. I am not sure if top is the
> appropriate command to measure CPU usage of the netfilter. Since all the
> filtering is happening inside the kernel there should be some other command to
> measure kernel's CPU usage. I would appreciate if someone can point to
> the right direction. Thanks.

You can try 'cpusoak'  tool from Andrew Morton zc toolset:
    http://www.zipworld.com.au/~akpm/linux/zc.tar.gz
cpusoak which accurately measures cpu consumption by the kernel.

Yakov


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2006-11-23  2:45 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-11-21  0:40 How to measure CPU usage of netfilter Mohammad Farooq
2006-11-21  1:10 ` Mike Williams
2006-11-21 10:08 ` load balancing multiple isp ArioS
2006-11-21 15:27   ` Taylor, Grant
2006-11-23  2:45 ` How to measure CPU usage of netfilter Yakov Lerner

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox