Hi Lars,
Am 20.03.20 um 15:43 schrieb Lars Kruse:> Did you really try the nice visualizations in the "Statistics"
menu?
> These should allow you to see, which protocols and which peers cause the
> traffic.
>
> I am slightly confused, that you already took a look at the traffic, but
you did
> not mention, which type of traffic makes up the bulk of the excessive
packets
> you encountered. You mentioned "a few SSDP packages", but nothing
else.
>
> Or did I just overlook it in your emails?
>
> Happy traffic hunting!
>
> Lars
> _______________________________________________
yeah, I had a look at all packages, but there are only very few packages
on the virtual tinc link, but a huge amount of packages on the Ethernet
link. When I tcpdump the packages on the ethernet link and on the tinc
link at the same time I see only as few as 100 packages per second (or
less) but more than 3000 packages per second on the ethernet link that I
can relate to tinc.
So, I came to the conclusion that this high amount of traffic on the
ethernet link is not directly correlated to the actual virtual traffic,
because in other situations, when there is acutally load on the tinc
network, I see only a very moderate rise of the number of packages on
the ethernet link. So, although I do not know much about the tinc
internals, under normal circumstances the number of packages on ethernet
vs those on the virtual tinc adapter seem to correlate linearly. This is
clearly not the case during those high traffic events.
My current mitigation is to stop some tinc peers for ten seconds and to
start them again afterwards, that usually causes the excessive traffic
to stop without interrupting service too much.
Cheers,
Maximilian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20200320/3e65da04/attachment.sig>