Why CPU utilization of a process 'ksoftirqd/X' increases when iptables are enabled on the system ?
Issue
- Below iptable rule is added which will drop INVALID packets.
[root@xxxx ~]# iptables -L INPUT -n -v | grep INVALID
58M 41G DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
- When iptables are enabled with above rule in place, the CPU utilization of process
ksoftirqd/X
increases to 80-90% . - When iptables are disable the cpu usage of
ksoftirqd/X
is 13-18%. - When malformed packets are send, they get drop by above iptable rule and CPU utilization of
ksoftirqd/X
process increases. - Why iptable rule when enabled, causes CPU usage rise ?
top - 02:17:29 up 2 days, 16:12, 2 users, load average: 1.30, 1.50, 1.07
Tasks: 233 total, 2 running, 231 sleeping, 0 stopped, 0 zombie
Cpu(s): 7.9%us, 4.9%sy, 0.0%ni, 84.9%id, 0.6%wa, 0.2%hi, 1.5%si, 0.0%st
Mem: 3926168k total, 3645548k used, 280620k free, 8704k buffers
Swap: 2064280k total, 1790088k used, 274192k free, 197364k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
9 root 20 0 0 0 0 R 94.2 0.0 66:13.07 [ksoftirqd/1]
15989 ccmservi 20 0 340m 28m 9.8m S 5.8 0.7 65:16.60 /usr/local/cm/bin/RisDC
Environment
- Red Hat Enterprise Linux (RHEL) 6.2
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.