Hi Slava, On Tue, Oct 27, 2009 at 10:27:25AM +0200, Slava Dubrovskiy wrote:
> Why Core Process use only one processor? Seems not optimally ;) Because all the NetFlow processing happens within a single thread. At the very essence of your query about DDoS and CPU load there is a point: a) what CPU we speak about and b) understand how much each feature contributes to the total CPU load, ie. Pre-Tagging, NetFlow processing, whatever other feature might be activated. This would say where to address the optimization efforts (in terms of finding a better way to configure your specific setup or, why not, to understand if there is margin to optimize some part of the nfacctd code). Or did you already stumble under a DDoS with and without tagging enabled so that you already have a figure in this sense - hence this is why your suspicion are already going that direction? > Yes. I use sampling ??10. Seems solution for me use x100 > > But under ddos we receive a considerable quantity of small packages and > then the big error. The other idea that comes to my mind is clustering the collector: by introducing a load-balancing layer in the middle and spread the load over multiple boxes? Cheers, Paolo _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
