
Excessive CPU usage in 5308XL

Joao Sousa
Occasional Visitor


Hello

(This is probably a very naive question)

I am trying to set up a Linux box as a firewall/gateway for a network segment that will have guest user access.

The linux box has one NIC (eth0) on the administrative VLAN of the procurve switches and the other NIC (eth1) on another switch containing the guest network.

In this setup, if I start to transfer large files to the guest pc (behind the firewall) from a server on the administrative VLAN, I get about 50% CPU usage on the 5308XL and icmp echo timeouts.

If I turn on IP masquerading in the linux box, then transferring large files from the server does not cause excessive CPU load on the switch nor icmp echo timeouts.

My question/doubt is what may be causing this? Will I have to hide all the guests behind the ip of the linux box?

The basic setup is as follows:

guest pc --- [switch] --- FIREWALL --- [2848] --- [5308XL] --- [2824] --- server

6 REPLIES
Stuart Teo
Trusted Contributor

Re: Excessive CPU usage in 5308XL

Here's my guess.

When you have ipmasq turned off, the rate at which the firewall routes packets is high enough to cause a higher cpu utilization on the 5308. If that's true, you should also see increased utilization on the 2824 as well.

When you have ipmasq turned on, the firewall's rate of passing packets drops due to the ipmasq modifying the ip headers before routing it. That might result in the cpu utilization of the 5308 dropping.

Overall, I do not have enough info to give you a good answer. Some questions I have in mind are:

1) is eth0 of your linux box a GigE card?
2) is eth1 of your linux box a GigE card?
3) which transfer protocol were you using? ftp? nfs?
4) did the throughput of the file transfer drop with ipmasq turned on?

If a problem can be fixed, there's nothing to worry. If a problem can't be fixed, worrying ain't gonna help. Bottom line: don't worry.
Joao Sousa
Occasional Visitor

Re: Excessive CPU usage in 5308XL

Thank you for your interest.

The FW has, at the moment, 100BaseT NICs. Before it had two DLink Giga NICs on both eth1 and eth0 and the same behavior was occurring. The testing firewall is an old pentium3 (450MHz).

What is really striking is that with MASQ, the transfer is at top speed with about 3-4% CPU use on the 5308XL. When MASQ is disabled, the transfer is slower (but not less than half-speed) and the 5308XL CPU loads considerably.

This load happens whenever I transfer large files using either windows sharing or FTP (or using another server).

I can manage with the MASQ on, but leaving such an intriguing problem alone is uncomfortable.

Thank you
JS
Stuart Teo
Trusted Contributor

Re: Excessive CPU usage in 5308XL

I missed something in my last post. With ipmasq turned on, the 5308xl is switching. With ipmasq turned off, someone needs to be routing. Could that someone be the 5308xl?

What's the ip address of the
1) guest pc
2) server
3) eth0 and eth1 of the linux box?
If a problem can be fixed, there's nothing to worry. If a problem can't be fixed, worrying ain't gonna help. Bottom line: don't worry.
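
The question in the post above (who routes the return traffic when masquerading is off) can be worked out once the addresses are known. This is an added example, not part of the thread: every address is constructed, and it assumes the server's default gateway is a routing interface on the 5308XL.

```python
import ipaddress

# Constructed addressing: the thread never states the real addresses.
SERVER_NET = ipaddress.ip_network("10.0.0.0/24")    # administrative VLAN
GUEST_NET = ipaddress.ip_network("192.168.50.0/24") # guest segment behind the firewall
FW_ETH0 = ipaddress.ip_address("10.0.0.254")        # firewall, admin side
GUEST_PC = ipaddress.ip_address("192.168.50.20")
SWITCH_L3 = ipaddress.ip_address("10.0.0.1")        # hypothetical 5308XL routing interface

# Server routing tables as (network, gateway) pairs.
DEFAULT_ONLY = [(ipaddress.ip_network("0.0.0.0/0"), SWITCH_L3)]
WITH_STATIC = DEFAULT_ONLY + [(GUEST_NET, FW_ETH0)]


def peer_seen_by_server(guest, masquerade):
    """Address the server sees as the far end of the transfer."""
    return FW_ETH0 if masquerade else guest


def next_hop(dst, on_link, routes):
    """Longest-prefix match; a gateway of None means on-link delivery."""
    if dst in on_link:
        return None
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def return_path(masquerade, routes):
    """Who forwards the server's replies at layer 3 on the admin VLAN."""
    peer = peer_seen_by_server(GUEST_PC, masquerade)
    gw = next_hop(peer, SERVER_NET, routes)
    if gw is None:
        return "switched to firewall"       # same subnet, layer 2 only
    if gw == SWITCH_L3:
        return "routed via switch"          # the switch must route every reply
    return "sent straight to firewall"      # static route bypasses the switch's router


if __name__ == "__main__":
    for masq, routes, label in [(True, DEFAULT_ONLY, "MASQ on"),
                                (False, DEFAULT_ONLY, "MASQ off"),
                                (False, WITH_STATIC, "MASQ off + static route")]:
        print(f"{label:24} -> {return_path(masq, routes)}")
```
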
Markku Leinio
Valued Contributor

Re: Excessive CPU usage in 5308XL

Which firmware version do you have in 5308XL?

We are experiencing high CPU loads in our 5304XL (doing routing). Tested firmware versions are E.08.01 and E.08.03. HP is investigating the issue.
Joao Sousa
Occasional Visitor

Re: Excessive CPU usage in 5308XL

Hi

I took advantage of the Easter Holidays to flash the firmware of the 580xs from the next-to-last to the latest revision.

It seems that the solution to this problem lies within the latest firmware (E.08.03). I'll test it further during next week.

Thank you very much to all for your help.
Joao Sousa
Occasional Visitor

Re: Excessive CPU usage in 5308XL

The problem persists, albeit masked by traffic shaping of the firewall.