[Oisf-users] Massive kernel drops with HTTP traffic
Victor Julien
lists at inliniac.net
Thu Aug 16 13:02:55 UTC 2018
On 16-08-18 14:49, Konstantin Klinger wrote:
> Hello OISF users,
>
> we have some issues with massive capture.kernel_drops (~30-50%) on some
> of our high traffic (>5Gbit/s per interface) 4.1.0dev Suricata instances
> (af_packet). What we found curious about the issue is that there is no
> associated heavy CPU load.
>
> We were able to determine that the problem is related by large volumes
> of HTTP traffic on the interface (such as, for example, huge backups,
> huge file downloads, etc.). Without HTTP traffic (for example after
> filtering port 80/8080 via bpf before inspection) the packets drops
> decreased below 5%. This is also the case after deactivating the HTTP
> parser in the suricata.yaml config.
>
> So our question is if anyone has or had the same issue? Any experience
> to share?
>
> We will do further debugging on this issue and we will try to make the
> problem reproducible by tcpreplaying a captured pcap, but we are not at
> this point yet.
Which git rev? I'm just analyzing a recently added perf regression.
Added in 7e004f52c60c5e4d7cd8f5ed09491291d18f42d2
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list