And*_*w B 11 networking domain-name-system linux bind ethtool
我继承了一个大容量缓存名称服务器环境(Redhat Enterprise Linux 5.8,IBM System x3550),它具有不一致的环形缓冲区设置:eth0 为 1020,eth1 为 255。eth0 连接到其本地数据中心的交换机 1,eth1 连接到相同的交换机 2。集群中的每个服务器都在 eth0 或 eth1 是活动接口之间交替,并且每个集群都位于不同的区域。环形缓冲区显然需要保持一致。
这就是事情变得棘手的地方:我在研究为什么许多名称服务器经常记录“错误发送响应:未设置”错误时发现了上述问题,ISC 知识库建议这与出站拥塞有关。具有较高环形缓冲区设置 (1020) 的服务器在 ifconfig 上丢弃的数据包较少(正如人们所期望的那样),但往往会以很高的频率记录上述错误,在我的最高负载组之一中每天约 20k 次。我们将其称为“第 1 组”。具有较低环形缓冲区 (255) 设置的服务器每天丢弃的入站数据包明显更多(同样是预期的),但 BIND 错误的实例要少得多,在同一负载组中通常为 0-150。
这里也不是什么大秘密。缓存 DNS 是一种递归服务:如果某些内容未缓存,则服务器必须代表该问题进行多次查询,直到它最终可以返回答案。这是一个(一进)->(多出)查询关系。修复 RX 环形缓冲区应该使这个数字全面均衡为一个新值,然后在 proc (wmem_max/wmem_default) 中调整内核的出站网络队列可能是一个好主意。
我喜欢能够衡量配置更改对性能问题的影响,所以我写了一份报告来收集一些数据,然后再开始进行生产更改。以下是组 1 中前两台服务器的输出示例:
group1-01
RX: 7166.27/sec av.
TX: 7432.57/sec av.
RXDROP: 7.43/sec av.
unset_err: 27633
group1-02
RX: 7137.37/sec av.
TX: 7398.50/sec av.
RXDROP: 9.94/sec av.
unset_err: 107
这些是公式。请注意,这是一个本地脚本,不依赖于每个服务器必须维护的 shell 脚本。
RXPACK=$(ssh $server "sar -n DEV -f /var/log/sa/sa$(date --date=yesterday '+%d') | grep \"Average: .*\$(awk '{if (\$2 == "00000000") { print \$1 }}' /proc/net/route)\" | awk '{print \$3}'" 2>/dev/null)
TXPACK=$(ssh $server "sar -n DEV -f /var/log/sa/sa$(date --date=yesterday '+%d') | grep \"Average: .*\$(awk '{if (\$2 == "00000000") { print \$1 }}' /proc/net/route)\" | awk '{print \$4}'" 2>/dev/null)
RXDROP=$(ssh $server "sar -n EDEV -f /var/log/sa/sa$(date --date=yesterday '+%d') | grep \"Average: .*\$(awk '{if (\$2 == "00000000") { print \$1 }}' /proc/net/route)\" | awk '{print \$6}'" 2>/dev/null)
TXDROP=$(ssh $server "sudo grep 'error sending response: unset' /var/log/dns_named.1" 2>/dev/null | wc -l)
一旦我开始在我所有的缓存 DNS 环境中运行此报告,我注意到另一个具有几乎相同数据包负载的组,我们将其称为组 2,完全没有问题:
group2-01
RX: 7066.44/sec av.
TX: 7345.95/sec av.
RXDROP: 0.00/sec av.
unset_err: 0
group2-02
RX: 7019.18/sec av.
TX: 7312.47/sec av.
RXDROP: 0.00/sec av.
unset_err: 0
为什么 group2 在不需要进一步调整 RX 环形缓冲区或net.core.wmem_default/ 的情况下以这种方式运行net.core.wmem_max?无论如何,我都需要对环形缓冲区进行规范化,但是在开始使用 /proc 中的 wmem 值之前,我想了解这里发生了什么。
我唯一能想到的是应用程序正在更快地清空队列,但是网络堆栈调整不是我有大量实践经验的事情,我想获得第二意见。(我的眼睛盯着一些 ethtool 的柜台名称,我不会否认)
我已经排除了以下可能性。证明在除法器之后。
sysctl -a两组的第一台服务器和两组的第二台服务器之间的输出匹配。(不包括内核和 fs 部分)出于保密原因,我无法显示原始的 named.conf 或用于排除信息的 grep 过滤器。您必须相信我的话,以下配置参数在所有四台服务器之间都是不变的:
notify no;
allow-transfer { none; };
allow-recursion { any; };
allow-query { any; };
allow-query-cache { any; };
recursive-clients 100000;
max-cache-size 2G;
max-ncache-ttl 900;
下面是大量的系统信息。“hosthash”只是为了证明循环的每次迭代实际上都在访问不同的服务器,而没有透露实际的主机名。
主机哈希:
group1-1: dc78abcb154b74c87feecb3f35222263d40c028c
group1-2: 9fe491d58fd1e7d4e21e5bf10c164e4cf66e884b
group2-1: fc76bb3ee1ff580c6aba0d685713bb4145bd5fe3
group2-2: b7550c65d37622a131b1e47f066773defbb4d817
for server in $group1_1 $group1_2 $group2_1 $group2_2
do
echo ____________________
ssh $server "echo -en hosthash: \$(echo \$HOSTNAME | sha1sum)\\\n\\\n &&
SARFILE=/var/log/sa/sa\$(date --date=yesterday '+%d') &&
uname -srvmpio &&
sudo /usr/sbin/dmidecode -s system-product-name
dmesg | grep Broadcom &&
head /proc/cpuinfo &&
GWIF=\$(awk '{if (\$2 == 00000000) { print \$1 }}' /proc/net/route) &&
sar -n DEV -f \$SARFILE | egrep '(IFACE|Average)' &&
sar -n EDEV -f \$SARFILE | egrep '(IFACE|Average)' &&
sudo /sbin/ethtool \$GWIF &&
sudo /sbin/ethtool -i \$GWIF &&
sudo /sbin/ethtool -g \$GWIF &&
sudo /sbin/ethtool -c \$GWIF &&
sudo /sbin/ethtool -S \$GWIF &&
echo sysctl linecount: \$(sudo /sbin/sysctl -a | egrep -v '^(fs|kernel)' | wc -l) &&
echo sysctl hash: \$(sudo /sbin/sysctl -a | egrep -v '^(fs|kernel)' | sha1sum)"
done
输出:
____________________
hosthash: dc78abcb154b74c87feecb3f35222263d40c028c -
Linux 2.6.18-308.16.1.el5 #1 SMP Tue Sep 18 07:21:07 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux
IBM System x3550 -[7978AC1]-
bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.1.11 (July 20, 2011)
eth0: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem c8000000, IRQ 90, node addr 001a649db00e
eth1: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem ce000000, IRQ 177, node addr 001a649db010
cnic: Broadcom NetXtreme II CNIC Driver cnic v2.5.7 (July 20, 2011)
Broadcom NetXtreme II iSCSI Driver bnx2i v2.7.0.3 (Aug 04, 2011)
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 23
model name : Intel(R) Xeon(R) CPU E5420 @ 2.50GHz
stepping : 6
cpu MHz : 2493.750
cache size : 6144 KB
physical id : 0
siblings : 4
12:00:01 AM IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
Average: lo 1269.15 1269.15 206600.39 206600.39 0.00 0.00 0.00
Average: eth0 7166.27 7432.57 704051.80 2419779.42 0.00 0.00 0.94
Average: eth1 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: sit0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
12:00:01 AM IFACE rxerr/s txerr/s coll/s rxdrop/s txdrop/s txcarr/s rxfram/s rxfifo/s txfifo/s
Average: lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: eth0 0.00 0.00 0.00 7.43 0.00 0.00 0.00 0.00 0.00
Average: eth1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: sit0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
driver: bnx2
version: 2.1.11
firmware-version: bc 4.0.3 ipms 1.6.0
bus-info: 0000:04:00.0
Ring parameters for eth0:
Pre-set maximums:
RX: 2040
RX Mini: 0
RX Jumbo: 8160
TX: 255
Current hardware settings:
RX: 1020
RX Mini: 0
RX Jumbo: 0
TX: 255
Coalesce parameters for eth0:
Adaptive RX: off TX: off
stats-block-usecs: 999936
sample-interval: 0
pkt-rate-low: 0
pkt-rate-high: 0
rx-usecs: 18
rx-frames: 12
rx-usecs-irq: 18
rx-frames-irq: 2
tx-usecs: 80
tx-frames: 20
tx-usecs-irq: 18
tx-frames-irq: 2
rx-usecs-low: 0
rx-frame-low: 0
tx-usecs-low: 0
tx-frame-low: 0
rx-usecs-high: 0
rx-frame-high: 0
tx-usecs-high: 0
tx-frame-high: 0
NIC statistics:
rx_bytes: 1505439501410
rx_error_bytes: 0
tx_bytes: 4672574845104
tx_error_bytes: 0
rx_ucast_packets: 15315548049
rx_mcast_packets: 2035415
rx_bcast_packets: 1101989
tx_ucast_packets: 15505474251
tx_mcast_packets: 40018
tx_bcast_packets: 36019
tx_mac_errors: 0
tx_carrier_errors: 0
rx_crc_errors: 0
rx_align_errors: 0
tx_single_collisions: 0
tx_multi_collisions: 0
tx_deferred: 0
tx_excess_collisions: 0
tx_late_collisions: 0
tx_total_collisions: 0
rx_fragments: 0
rx_jabbers: 0
rx_undersize_packets: 0
rx_oversize_packets: 0
rx_64_byte_packets: 92309552
rx_65_to_127_byte_packets: 1243637891
rx_128_to_255_byte_packets: 790117566
rx_256_to_511_byte_packets: 127197337
rx_512_to_1023_byte_packets: 168929387
rx_1024_to_1522_byte_packets: 11591832
rx_1523_to_9022_byte_packets: 0
tx_64_byte_packets: 60586118
tx_65_to_127_byte_packets: 1976738758
tx_128_to_255_byte_packets: 2830395753
tx_256_to_511_byte_packets: 157607989
tx_512_to_1023_byte_packets: 1483716940
tx_1024_to_1522_byte_packets: 406821340
tx_1523_to_9022_byte_packets: 0
rx_xon_frames: 0
rx_xoff_frames: 0
tx_xon_frames: 116422
tx_xoff_frames: 134780
rx_mac_ctrl_frames: 0
rx_filtered_packets: 0
rx_ftq_discards: 0
rx_discards: 0
rx_fw_discards: 14015105
sysctl linecount: 504
sysctl hash: dd6aab90d0fd9ae90742c5f812a78734e2f2ff1c -
____________________
hosthash: 9fe491d58fd1e7d4e21e5bf10c164e4cf66e884b -
Linux 2.6.18-308.16.1.el5 #1 SMP Tue Sep 18 07:21:07 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux
IBM System x3550 -[7978EHU]-
bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.1.11 (July 20, 2011)
eth0: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem c8000000, IRQ 90, node addr 001a6479655c
eth1: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem ce000000, IRQ 177, node addr 001a6479655e
cnic: Broadcom NetXtreme II CNIC Driver cnic v2.5.7 (July 20, 2011)
Broadcom NetXtreme II iSCSI Driver bnx2i v2.7.0.3 (Aug 04, 2011)
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 23
model name : Intel(R) Xeon(R) CPU E5420 @ 2.50GHz
stepping : 6
cpu MHz : 2493.746
cache size : 6144 KB
physical id : 0
siblings : 4
12:00:01 AM IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
Average: lo 1261.04 1261.04 205548.08 205548.08 0.00 0.00 0.00
Average: eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: eth1 7137.37 7398.50 702340.35 2409580.71 0.00 0.00 0.97
Average: sit0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
12:00:01 AM IFACE rxerr/s txerr/s coll/s rxdrop/s txdrop/s txcarr/s rxfram/s rxfifo/s txfifo/s
Average: lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: eth1 0.00 0.00 0.00 9.94 0.00 0.00 0.00 0.00 0.00
Average: sit0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
driver: bnx2
version: 2.1.11
firmware-version: bc 4.0.3 ipms 1.6.0
bus-info: 0000:06:00.0
Ring parameters for eth1:
Pre-set maximums:
RX: 2040
RX Mini: 0
RX Jumbo: 8160
TX: 255
Current hardware settings:
RX: 255
RX Mini: 0
RX Jumbo: 0
TX: 255
Coalesce parameters for eth1:
Adaptive RX: off TX: off
stats-block-usecs: 999936
sample-interval: 0
pkt-rate-low: 0
pkt-rate-high: 0
rx-usecs: 18
rx-frames: 12
rx-usecs-irq: 18
rx-frames-irq: 2
tx-usecs: 80
tx-frames: 20
tx-usecs-irq: 18
tx-frames-irq: 2
rx-usecs-low: 0
rx-frame-low: 0
tx-usecs-low: 0
tx-frame-low: 0
rx-usecs-high: 0
rx-frame-high: 0
tx-usecs-high: 0
tx-frame-high: 0
NIC statistics:
rx_bytes: 1501719289640
rx_error_bytes: 0
tx_bytes: 4654179094291
tx_error_bytes: 0
rx_ucast_packets: 15253610508
rx_mcast_packets: 2108112
rx_bcast_packets: 1136240
tx_ucast_packets: 15438361249
tx_mcast_packets: 40135
tx_bcast_packets: 1721
tx_mac_errors: 0
tx_carrier_errors: 0
rx_crc_errors: 0
rx_align_errors: 0
tx_single_collisions: 0
tx_multi_collisions: 0
tx_deferred: 0
tx_excess_collisions: 0
tx_late_collisions: 0
tx_total_collisions: 0
rx_fragments: 0
rx_jabbers: 0
rx_undersize_packets: 0
rx_oversize_packets: 0
rx_64_byte_packets: 92376678
rx_65_to_127_byte_packets: 1183040190
rx_128_to_255_byte_packets: 788176623
rx_256_to_511_byte_packets: 126838328
rx_512_to_1023_byte_packets: 168170816
rx_1024_to_1522_byte_packets: 13350337
rx_1523_to_9022_byte_packets: 0
tx_64_byte_packets: 60806588
tx_65_to_127_byte_packets: 1955234150
tx_128_to_255_byte_packets: 2806601346
tx_256_to_511_byte_packets: 154015585
tx_512_to_1023_byte_packets: 1466206531
tx_1024_to_1522_byte_packets: 405928513
tx_1523_to_9022_byte_packets: 0
rx_xon_frames: 0
rx_xoff_frames: 0
tx_xon_frames: 150648
tx_xoff_frames: 173552
rx_mac_ctrl_frames: 0
rx_filtered_packets: 1
rx_ftq_discards: 0
rx_discards: 0
rx_fw_discards: 19605427
sysctl linecount: 504
sysctl hash: 4626e3788c72e091487afe1e3a7cfd32278ab07d -
____________________
hosthash: fc76bb3ee1ff580c6aba0d685713bb4145bd5fe3 -
Linux 2.6.18-308.16.1.el5 #1 SMP Tue Sep 18 07:21:07 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux
IBM System x3550 -[7978AC1]-
bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.1.11 (July 20, 2011)
eth0: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem c8000000, IRQ 90, node addr 001a649dc68a
eth1: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem ce000000, IRQ 177, node addr 001a649dc68c
cnic: Broadcom NetXtreme II CNIC Driver cnic v2.5.7 (July 20, 2011)
Broadcom NetXtreme II iSCSI Driver bnx2i v2.7.0.3 (Aug 04, 2011)
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 23
model name : Intel(R) Xeon(R) CPU E5420 @ 2.50GHz
stepping : 6
cpu MHz : 2493.750
cache size : 6144 KB
physical id : 0
siblings : 4
12:00:01 AM IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
Average: lo 1891.67 1891.67 266593.77 266593.77 0.00 0.00 0.00
Average: eth0 7066.44 7345.95 730519.41 2215508.99 0.00 0.00 4.37
Average: eth1 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: sit0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
12:00:01 AM IFACE rxerr/s txerr/s coll/s rxdrop/s txdrop/s txcarr/s rxfram/s rxfifo/s txfifo/s
Average: lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: eth1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: sit0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
driver: bnx2
version: 2.1.11
firmware-version: bc 4.0.3 ipms 1.6.0
bus-info: 0000:04:00.0
Ring parameters for eth0:
Pre-set maximums:
RX: 2040
RX Mini: 0
RX Jumbo: 8160
TX: 255
Current hardware settings:
RX: 1020
RX Mini: 0
RX Jumbo: 0
TX: 255
Coalesce parameters for eth0:
Adaptive RX: off TX: off
stats-block-usecs: 999936
sample-interval: 0
pkt-rate-low: 0
pkt-rate-high: 0
rx-usecs: 18
rx-frames: 12
rx-usecs-irq: 18
rx-frames-irq: 2
tx-usecs: 80
tx-frames: 20
tx-usecs-irq: 18
tx-frames-irq: 2
rx-usecs-low: 0
rx-frame-low: 0
tx-usecs-low: 0
tx-frame-low: 0
rx-usecs-high: 0
rx-frame-high: 0
tx-usecs-high: 0
tx-frame-high: 0
NIC statistics:
rx_bytes: 4640887074833
rx_error_bytes: 0
tx_bytes: 12640942400790
tx_error_bytes: 0
rx_ucast_packets: 46405845860
rx_mcast_packets: 14487857
rx_bcast_packets: 3476467
tx_ucast_packets: 47159091638
tx_mcast_packets: 118147
tx_bcast_packets: 5504
tx_mac_errors: 0
tx_carrier_errors: 0
rx_crc_errors: 0
rx_align_errors: 0
tx_single_collisions: 0
tx_multi_collisions: 0
tx_deferred: 0
tx_excess_collisions: 0
tx_late_collisions: 0
tx_total_collisions: 0
rx_fragments: 0
rx_jabbers: 0
rx_undersize_packets: 0
rx_oversize_packets: 0
rx_64_byte_packets: 136463411
rx_65_to_127_byte_packets: 4245502343
rx_128_to_255_byte_packets: 2357984838
rx_256_to_511_byte_packets: 355610202
rx_512_to_1023_byte_packets: 608223572
rx_1024_to_1522_byte_packets: 65320154
rx_1523_to_9022_byte_packets: 0
tx_64_byte_packets: 112166114
tx_65_to_127_byte_packets: 3010346100
tx_128_to_255_byte_packets: 4087240164
tx_256_to_511_byte_packets: 1625596725
tx_512_to_1023_byte_packets: 3037109096
tx_1024_to_1522_byte_packets: 927187571
tx_1523_to_9022_byte_packets: 0
rx_xon_frames: 0
rx_xoff_frames: 0
tx_xon_frames: 79164
tx_xoff_frames: 89685
rx_mac_ctrl_frames: 0
rx_filtered_packets: 1
rx_ftq_discards: 0
rx_discards: 0
rx_fw_discards: 6857729
sysctl linecount: 504
sysctl hash: dd6aab90d0fd9ae90742c5f812a78734e2f2ff1c -
____________________
hosthash: b7550c65d37622a131b1e47f066773defbb4d817 -
Linux 2.6.18-308.16.1.el5 #1 SMP Tue Sep 18 07:21:07 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux
IBM System x3550 -[7978EHU]-
bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.1.11 (July 20, 2011)
eth0: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem c8000000, IRQ 90, node addr 00215e3f1ec4
eth1: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem ce000000, IRQ 177, node addr 00215e3f1ec6
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 23
model name : Intel(R) Xeon(R) CPU E5420 @ 2.50GHz
stepping : 6
cpu MHz : 2493.753
cache size : 6144 KB
physical id : 1
siblings : 4
12:00:01 AM IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
Average: lo 1883.04 1883.04 263726.79 263726.79 0.00 0.00 0.00
Average: eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: eth1 7019.18 7312.47 720911.92 2214861.10 0.00 0.00 1.02
Average: sit0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
12:00:01 AM IFACE rxerr/s txerr/s coll/s rxdrop/s txdrop/s txcarr/s rxfram/s rxfifo/s txfifo/s
Average: lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: eth1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: sit0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
driver: bnx2
version: 2.1.11
firmware-version: bc 4.0.3 ipms 1.6.0
bus-info: 0000:06:00.0
Ring parameters for eth1:
Pre-set maximums:
RX: 2040
RX Mini: 0
RX Jumbo: 8160
TX: 255
Current hardware settings:
RX: 255
RX Mini: 0
RX Jumbo: 0
TX: 255
Coalesce parameters for eth1:
Adaptive RX: off TX: off
stats-block-usecs: 999936
sample-interval: 0
pkt-rate-low: 0
pkt-rate-high: 0
rx-usecs: 18
rx-frames: 12
rx-usecs-irq: 18
rx-frames-irq: 2
tx-usecs: 80
tx-frames: 20
tx-usecs-irq: 18
tx-frames-irq: 2
rx-usecs-low: 0
rx-frame-low: 0
tx-usecs-low: 0
tx-frame-low: 0
rx-usecs-high: 0
rx-frame-high: 0
tx-usecs-high: 0
tx-frame-high: 0
NIC statistics:
rx_bytes: 4621548539323
rx_error_bytes: 0
tx_bytes: 12598031299743
tx_error_bytes: 0
rx_ucast_packets: 46260356368
rx_mcast_packets: 5352446
rx_bcast_packets: 3474589
tx_ucast_packets: 47008853953
tx_mcast_packets: 118164
tx_bcast_packets: 5471
tx_mac_errors: 0
tx_carrier_errors: 0
rx_crc_errors: 0
rx_align_errors: 0
tx_single_collisions: 0
tx_multi_collisions: 0
tx_deferred: 0
tx_excess_collisions: 0
tx_late_collisions: 0
tx_total_coll
即使您确定您的服务器拥有负载均衡器 VIP 的完整列表,也仍应运行数据包捕获。仅仅因为您的计算机不会响应 IP 地址的 ARP,并不意味着伪造的数据包无法发送到它。确保发送到您的 MAC 地址的流量与配置的 IP 地址匹配。
我很感谢人们花时间回答这个问题,但我自己的尽职调查却缺乏。事后看来,我需要构建一个如下所示的 PCAP 滤波器:
tcpdump -i eth0 -n 'ether dst aa:bb:cc:dd:ee:ff and not (dst host 1.2.3.4 or dst host 5.6.7.8 or...)'
在哪里:
aa:bb:cc:dd:ee:ff = HW addr of eth0
1.2.3.4, 5.6.7.8 = list of destination addresses that traffic is expected on
有许多负载均衡器 VIP 没有提供给我(我不控制 LB),它们在 TCP 端口 53 上传递流量的方式会导致 RX 丢弃。这些旧 IP 上的流量非常低,以至于管理员观察线路上的流量时不太可能注意到。
| 归档时间: |
|
| 查看次数: |
1655 次 |
| 最近记录: |