Why CPU utilization of a process 'ksoftirqd/X' increases when iptables are enabled on the system ?
Issue
- Below iptable rule is added which will drop INVALID packets.
[root@xxxx ~]# iptables -L INPUT -n -v | grep INVALID
58M 41G DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
- When iptables are enabled with above rule in place, the CPU utilization of process
ksoftirqd/Xincreases to 80-90% . - When iptables are disable the cpu usage of
ksoftirqd/Xis 13-18%. - When malformed packets are send, they get drop by above iptable rule and CPU utilization of
ksoftirqd/Xprocess increases. - Why iptable rule when enabled, causes CPU usage rise ?
top - 02:17:29 up 2 days, 16:12, 2 users, load average: 1.30, 1.50, 1.07
Tasks: 233 total, 2 running, 231 sleeping, 0 stopped, 0 zombie
Cpu(s): 7.9%us, 4.9%sy, 0.0%ni, 84.9%id, 0.6%wa, 0.2%hi, 1.5%si, 0.0%st
Mem: 3926168k total, 3645548k used, 280620k free, 8704k buffers
Swap: 2064280k total, 1790088k used, 274192k free, 197364k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
9 root 20 0 0 0 0 R 94.2 0.0 66:13.07 [ksoftirqd/1]
15989 ccmservi 20 0 340m 28m 9.8m S 5.8 0.7 65:16.60 /usr/local/cm/bin/RisDC
Environment
- Red Hat Enterprise Linux (RHEL) 6.2
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
