Why CPU utilization of a process 'ksoftirqd/X' increases when iptables are enabled on the system ?

Solution In Progress - Updated -

Issue

  • Below iptable rule is added which will drop INVALID packets.
[root@xxxx ~]# iptables -L INPUT -n -v | grep INVALID
  58M   41G DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
  • When iptables are enabled with above rule in place, the CPU utilization of process ksoftirqd/X increases to 80-90% .
  • When iptables are disable the cpu usage of ksoftirqd/X is 13-18%.
  • When malformed packets are send, they get drop by above iptable rule and CPU utilization of ksoftirqd/X process increases.
  • Why iptable rule when enabled, causes CPU usage rise ?
top - 02:17:29 up 2 days, 16:12,  2 users,  load average: 1.30, 1.50, 1.07
Tasks: 233 total,   2 running, 231 sleeping,   0 stopped,   0 zombie
Cpu(s):  7.9%us,  4.9%sy,  0.0%ni, 84.9%id,  0.6%wa,  0.2%hi,  1.5%si,  0.0%st
Mem:   3926168k total,  3645548k used,   280620k free,     8704k buffers
Swap:  2064280k total,  1790088k used,   274192k free,   197364k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                                                                           
    9 root      20   0     0    0    0 R 94.2  0.0  66:13.07 [ksoftirqd/1]                                                                                                                     
15989 ccmservi  20   0  340m  28m 9.8m S  5.8  0.7  65:16.60 /usr/local/cm/bin/RisDC

Environment

  • Red Hat Enterprise Linux (RHEL) 6.2

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content