Date:      Mon, 8 Aug 2022 16:37:33 -0700
From:      jin guojun <jguojun@gmail.com>
To:        Bahagia BAG <csf.server.bag@gmail.com>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: Heavy duty unbound
Message-ID:  <CAE6yT5uwVc=NEvKdU6ZabF2pZjy49RPahRCuc_1PytdaU6%2BtdQ@mail.gmail.com>
In-Reply-To: <CAM6iT5SRubV-vcHPANz-2fmzSTCbZeXeywOG=VnvF7BhyF5WxA@mail.gmail.com>
References:  <CAM6iT5SRubV-vcHPANz-2fmzSTCbZeXeywOG=VnvF7BhyF5WxA@mail.gmail.com>


This could be related to your network topology.

If you have a real gateway with AS # (ASN) set properly, you should not see
this problem.

If you have a home router that serves your NAT, and your gateway is an ISP
port, and this port IP is mapped to your service IP (DNS, HTTP, etc.) via
NAT, then any of your local network traffic that uses your services tied to
this IP may experience the problem you had.
This depends on what kind of internal router is behind the ISP modem.
If you have an all-in-one modem/router, you are likely to see the problem.
Some routers may even prevent such traffic flow. This is because of the
all-in-one internal traffic rerouting.
If you have a separate modem and router, you can sniff the traffic between
the router and the modem, the traffic between the client and the router, as
well as between the router and the server; then you may find some
redirecting traffic issues, which cause CPU usage due to massive packet
dropping and resending.

-Jin

On Mon, Aug 8, 2022 at 3:21 PM Bahagia BAG <csf.server.bag@gmail.com> wrote:

> Hello All,
>
> I have unbound set up as a DNS cache server.
> The problem is if I give DNS query traffic from my network, the server is
> very lagging,
> and if I run top, unbound is 166.43%.
> Sometimes I can't ssh login to the server.
> I received an error log like this:
>
> Limiting icmp unreach response from 203 to 193 packets/sec
> Limiting icmp unreach response from 222 to 197 packets/sec
> Limiting icmp unreach response from 228 to 194 packets/sec
>
> How can I tweak and optimize this server?
>
> Thanks in advance
>
> Baha Gia
>
>
