... when diagnosing performance issues which you normally don't see on Xeon server class systems with two physical CPU's and 8 cores on each and 16-64Gb ram.
However now that we're deploying a heck load more Soekris devices running OpenBSD as routers with various functions we've learnt a lot more than just the basic OpenBSD admin tasks.
One such Soekris 6501 has IKE two IKE VPN's to two external sites, one of which had shed load of bidirectional traffic which seems to affect the other VPN.
The first thing to do when you suspect any device is being overloaded is to check processor usage using the 'top' command. We found that the it was hovering between 86% - almost 96% at its peak.
Usually this is around 5% max, and still mostly around 99% idle on other Soekris 6501 units.
The problem is that the Atom processors are not very powerful, think about the last time you used a netbook and were frustrated with the constant delays in doing tasks because it was so damn slow.
Now you've got a comparatively slow CPU with NO hardware accelerated encryption/decryption capabilities trying to push 20MBps...
Check your network throughput with 'systat ifstat 1' it shows ibytes (input) and obytes (output) on each interface including the enc* tunnels (VPN's). This is a great command for monitoring network throughput.
There are some other systat options you can use, such as 'systat iostat', 'systat netstat', 'systat rules', 'systat states' and so on, I recommend checking out the man page for more options.
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/systat.1?query=systat&sec=1
Of course don't forget to also use the most basic commands, I recommend Learn UNIX in 10 minutes to help you refresh your memory ;-)
Yet another IT blog, I hope you find it useful! Plan for the worst, hope for the best
No comments:
Post a Comment