eth0 Link encap:Ethernet HWaddr 00:21:F6:50:0D:2B
inet addr:xx.xx.xx.xx Bcast:xx.xx.xx.255 Mask:255.255.255.0
inet6 addr: fe80::221:f6ff:fe50:d2b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13888810655 errors:0 dropped:373754575 overruns:0 frame:0
TX packets:7257203208 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4368569679843 (3.9 TiB) TX bytes:4666896888876 (4.2 TiB)
# sar -n EDEV 5
Linux 3.8.13-118.4.2.el6uek.x86_64 (xxxxxxx) 06/08/2017 _x86_64_ (2 CPU)
09:50:26 AM IFACE rxerr/s txerr/s coll/s rxdrop/s txdrop/s txcarr/s rxfram/s rxfifo/s txfifo/s
09:50:31 AM eth0 0.00 0.00 0.00 12.63 0.00 0.00 0.00 0.00 0.00
09:50:31 AM lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
09:50:31 AM IFACE rxerr/s txerr/s coll/s rxdrop/s txdrop/s txcarr/s rxfram/s rxfifo/s txfifo/s
09:50:36 AM eth0 0.00 0.00 0.00 11.54 0.00 0.00 0.00 0.00 0.00
09:50:36 AM lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
A bit of math shows that this situation on my virtual machine has been going on for three months already, but I haven't noticed any drop in performance. What tcpdump gives me looks like packets sent by the hypervisor (if I'm interpreting tcpdump correctly):
09:28:36.245976 00:50:56:89:7b:29 (oui Unknown) > 03:bf:0a:73:3a:46 (oui Unknown), ethertype Unknown (0x886f), length 1510:
0x0000: bf01 dec0 0602 0000 0100 0000 0a73 3a46 .............s:F
0x0010: 0a73 3a47 0000 0000 0100 0200 1510 f456 .s:G...........V
0x0020: 778d 0000 0000 0000 0000 0000 00f0 ff6f w..............o
I installed wireshark, but I don't know how to interpret its output.
Here is what dropwatch gives:
# dropwatch -l kas
Initalizing kallsyms db
dropwatch> start
Enabling monitoring...
Kernel monitoring activated.
Issue Ctrl-C to stop monitoring
155 drops at dev_ingress_queue_create+70 (0xffffffff814d2e30)
11 drops at dev_ioctl+572 (0xffffffff814d5f02)
10 drops at __mkroute_input+3b0 (0xffffffff815069f0)
2 drops at skb_copy_datagram_const_iovec+296 (0xffffffff814ca766)
4 drops at tcp_rcv_state_process+112 (0xffffffff81525e62)
5 drops at tcp_v4_inbound_md5_hash+264 (0xffffffff8152f634)
2 drops at tcp_v4_gso_send_check+106 (0xffffffff81530836)
6 drops at tcp_rcv_state_process+112 (0xffffffff81525e62)
500 drops at dev_ingress_queue_create+70 (0xffffffff814d2e30)
10 drops at dev_ioctl+572 (0xffffffff814d5f02)
4 drops at tcp_v4_inbound_md5_hash+264 (0xffffffff8152f634)
2 drops at skb_copy_datagram_const_iovec+296 (0xffffffff814ca766)
17 drops at __mkroute_input+3b0 (0xffffffff815069f0)
2 drops at tcp_v4_gso_send_check+106 (0xffffffff81530836)
395 drops at dev_ingress_queue_create+70 (0xffffffff814d2e30)
12 drops at dev_ioctl+572 (0xffffffff814d5f02)
12 drops at __mkroute_input+3b0 (0xffffffff815069f0)
8 drops at tcp_rcv_state_process+112 (0xffffffff81525e62)
6 drops at tcp_v4_inbound_md5_hash+264 (0xffffffff8152f634)
2 drops at unix_stream_connect+1e0 (0xffffffff81573b80)
3 drops at skb_copy_datagram_const_iovec+296 (0xffffffff814ca766)
1 drops at tcp_v4_gso_send_check+106 (0xffffffff81530836)
1 drops at skb_copy_datagram_const_iovec+296 (0xffffffff814ca766)
1 drops at tcp_rcv_state_process+112 (0xffffffff81525e62)
2 drops at unix_stream_connect+1e0 (0xffffffff81573b80)
568 drops at dev_ingress_queue_create+70 (0xffffffff814d2e30)
14 drops at dev_ioctl+572 (0xffffffff814d5f02)
10 drops at __mkroute_input+3b0 (0xffffffff815069f0)
3 drops at tcp_rcv_state_process+112 (0xffffffff81525e62)
2 drops at tcp_v4_inbound_md5_hash+264 (0xffffffff8152f634)
2 drops at tcp_v4_gso_send_check+106 (0xffffffff81530836)
1 drops at .brk.early_pgt_alloc+1e0f1687 (0xffffffffa018b687)
^CGot a stop message
dropwatch> exit
Shutting down ...
I tried changing kernel parameters, but the settings were already good; I increased some parameters, but nothing changes the number of packets that get dropped. I also checked the other virtual machines on the same physical hardware and they behave decently (rxdrop exists, but it is less than 1%).
Help, what should I do, where should I look for who is bombarding my server with packets...
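An added example, not part of the original post: a Python sketch that totals dropwatch output per kernel symbol and tallies `tcpdump -e` link-level headers per source MAC and EtherType, to show which drop point and which sender dominate. The function names are hypothetical, and the sample input is constructed (partly copied from the output above, partly invented).

```python
import re
from collections import Counter, defaultdict

# Constructed sample: lines copied from the dropwatch session in the post.
DROPWATCH_SAMPLE = """\
155 drops at dev_ingress_queue_create+70 (0xffffffff814d2e30)
11 drops at dev_ioctl+572 (0xffffffff814d5f02)
4 drops at tcp_rcv_state_process+112 (0xffffffff81525e62)
500 drops at dev_ingress_queue_create+70 (0xffffffff814d2e30)
6 drops at tcp_rcv_state_process+112 (0xffffffff81525e62)
1 drops at .brk.early_pgt_alloc+1e0f1687 (0xffffffffa018b687)
"""

# Constructed sample: the first two lines are from the post's tcpdump output,
# the remaining lines are invented for this example.
TCPDUMP_SAMPLE = """\
09:28:36.245976 00:50:56:89:7b:29 (oui Unknown) > 03:bf:0a:73:3a:46 (oui Unknown), ethertype Unknown (0x886f), length 1510:
0x0000: bf01 dec0 0602 0000 0100 0000 0a73 3a46 .............s:F
09:28:37.246101 00:50:56:89:7b:29 (oui Unknown) > 03:bf:0a:73:3a:46 (oui Unknown), ethertype Unknown (0x886f), length 1510:
09:28:37.300412 00:00:5e:00:53:01 > 00:21:f6:50:0d:2b, ethertype IPv4 (0x0800), length 74: 192.0.2.10.51514 > 192.0.2.20.22: Flags [S], length 0
"""

DROP_RE = re.compile(r"^\s*(\d+) drops at (\S+)\+[0-9a-f]+ \(0x[0-9a-f]+\)")
FRAME_RE = re.compile(
    r"^\S+ ([0-9a-f:]{17}).*? > ([0-9a-f:]{17}).*?"
    r"ethertype (.+?) \((0x[0-9a-f]{4})\), length (\d+)", re.I)

def drops_by_symbol(text):
    """Sum dropwatch counts per kernel symbol (offset and address ignored)."""
    totals = Counter()
    for line in text.splitlines():
        m = DROP_RE.match(line)
        if m:
            totals[m.group(2)] += int(m.group(1))
    return totals

def frames_by_sender(text):
    """Map (source MAC, EtherType) -> (frames, bytes); hex dump lines are skipped."""
    acc = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            key = (m.group(1).lower(), m.group(4).lower())
            acc[key][0] += 1
            acc[key][1] += int(m.group(5))
    return {k: tuple(v) for k, v in acc.items()}

if __name__ == "__main__":
    for sym, n in drops_by_symbol(DROPWATCH_SAMPLE).most_common():
        print(f"{n:8d}  {sym}")
    for (mac, etype), (n, size) in frames_by_sender(TCPDUMP_SAMPLE).items():
        print(f"{mac}  {etype}  frames={n}  bytes={size}")
```

Feed it a longer capture taken with `tcpdump -e` over the same interval as a `sar -n EDEV` sample to compare the per-sender frame rate with the reported rxdrop/s.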