That's the thing, The routing is superfast.... So I know the box is doing
ok.... But apache/tomcat's https server is SLOW if it even does respond.....
On 9/1/05 5:29 PM, "Ryan Dorman" <[log in to unmask]> wrote:
> The kclick process is the proprietary routing daemon that Perfigo/CCA uses.
> It captures all available resources on the CAS. When we first got clean
> machines, the load averages on the machines made me nausious :) my gernealy
> rule for other *NIX boxen being load = # of CPU's (in a perfect world)....
>
> Are you noticing a significant performance hit for subnets protected by CCA?
>
> Ryan Dorman, CCNP
> Netowrk Communications Specialist
> Communications and Network Services
> Millerville University
>
>
>
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List on behalf of
> Michael Grinnell
> Sent: Thu 9/1/2005 4:49 PM
> To: [log in to unmask]
> Subject: Re: [PERFIGO] Https 404's and High Load Average
>
> We have the same model, but with 2GBs of RAM running in virtual
> gateway mode. Our CASs seem to be running ok. Your load avg does
> seem a bit high, but I've noticed on the CAS that it always seems to
> run at 100% busy. Here's our numbers:
>
> 4:36pm up 12 days, 5:08, 1 user, load average: 2.55, 2.30, 2.22
> 93 processes: 90 sleeping, 3 running, 0 zombie, 0 stopped
> CPU states: 1.1% user, 98.8% system, 0.0% nice, 0.0% idle
> Mem: 2059480K av, 728240K used, 1331240K free, 60K shrd,
> 50744K buff
> Swap: 1048552K av, 0K used, 1048552K free
> 404620K cached
>
> PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
> 1167 root 14 0 0 0 0 RW 92.7 0.0 17243m kclick
> 30325 root 14 0 1012 1012 752 R 3.3 0.0 0:01 top
> 1475 root 9 0 193M 193M 14900 S 0.9 9.6 94:55 java
> 22982 root 9 0 193M 193M 14900 S 0.1 9.6 0:00 java
> 1 root 8 0 520 520 452 S 0.0 0.0 0:04 init
>
> and from the event log heartbeat
> Sep 1 16:12:22 <snip> Perfigo: CleanAccessServer:192.168.10.10
> System Stats: Load factor 0 (max since reboot: 477) Mem
> (bytes) Total: 2108907520 Used: 743907328 Free: 1365000192 Shared:
> 61440 Buffers: 51953664 Cached: 413302784 CPU User: 1% Nice: 0%
> System: 99% Idle: 0%
> Sep 1 16:12:22 <snip> Perfigo: CleanAccessServer:192.168.10.20
> System Stats: Load factor 1 (max since reboot: 325) Mem
> (bytes) Total: 2108907520 Used: 568860672 Free: 1540046848 Shared:
> 61440 Buffers: 51179520 Cached: 294789120 CPU User: 0% Nice: 0%
> System: 100% Idle: 0%
>
> I would look at other factors than just load. You might take a look
> at the apache logs (/perfigo/access/apache/logs/) and the tomcat logs
> (/perfigo/access/tomcat/logs) for more clues.
>
> Also, Gigabit Ethernet does not support manual duplex and speed
> negotiation, IIRC. You are supposed to use auto. Here's our
> modules.conf
> alias eth0 bcm5700
> alias eth1 bcm5700
> alias parport_lowlevel parport_pc
> <snip>
>
> Hope that helps,
>
> Michael Grinnell
> Network Security Administrator
> The American University
> e-mail: [log in to unmask]
>
> On Sep 1, 2005, at 4:18 PM, Brad Kramer wrote:
>
>> Sorry, should have mentioned that I have broadcoms, in the
>> modules.conf, we
>> hardset the speed/duplex 1000 and full....
>>
>> I honestly think this has something to do with load....
>>
>> Here's the first 20 or so lines of top
>>
>> 4:15pm up 20 days, 23:31, 1 user, load average: 3.40, 3.49, 3.47
>> 99 processes: 96 sleeping, 3 running, 0 zombie, 0 stopped
>> CPU states: 2.6% user, 97.3% system, 0.0% nice, 0.0% idle
>> Mem: 3597396K av, 728352K used, 2869044K free, 56K shrd,
>> 55248K
>> buff
>> Swap: 1048552K av, 0K used, 1048552K free
>> 485632K
>> cached
>>
>> PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
>> 1183 root 14 0 0 0 0 RW 90.1 0.0 29273m kclick
>> 18026 root 14 0 1016 1016 752 R 3.0 0.0 0:03 top
>> 1479 root 9 0 106M 106M 14892 S 1.9 3.0 65:35 java
>> 16 root 9 0 0 0 0 SW 0.7 0.0 0:51
>> kjournald
>> 566 root 9 0 616 616 508 S 0.3 0.0 0:58 syslogd
>> 1 root 8 0 520 520 452 S 0.0 0.0 0:08 init
>> 2 root 8 0 0 0 0 SW 0.0 0.0 0:00 keventd
>> 3 root 19 19 0 0 0 RWN 0.0 0.0 0:00
>> ksoftirqd_CPU0
>> 4 root 9 0 0 0 0 SW 0.0 0.0 0:00 kswapd
>> 5 root 9 0 0 0 0 SW 0.0 0.0 0:00
>> kreclaimd
>> 6 root 9 0 0 0 0 SW 0.0 0.0 0:00 bdflush
>> 7 root 9 0 0 0 0 SW 0.0 0.0 0:00 kupdated
>> 8 root -1 -20 0 0 0 SW< 0.0 0.0 0:00
>> mdrecoveryd
>> 131 root 9 0 0 0 0 SW 0.0 0.0 0:00
>> kjournald
>> 571 root 9 0 1108 1108 444 S 0.0 0.0 0:00 klogd
>> 713 root 9 0 1252 1252 1112 S 0.0 0.0 0:00 sshd
>> 765 root 9 0 1272 1272 904 S 0.0 0.0 0:00 nessusd
>> 783 root 8 0 676 676 568 S 0.0 0.0 0:00 crond
>> 819 daemon 9 0 572 572 488 S 0.0 0.0 0:00 atd
>> 1060 root 9 0 936 936 860 S 0.0 0.0 0:00
>> _plutorun
>> 1061 root 9 0 400 400 340 S 0.0 0.0 0:00 logger
>> 1065 root 9 0 936 936 860 S 0.0 0.0 0:00
>> _plutorun
>>
>> A little farther down we have about 20 instances of java...
>>
>> Let me know what you think...
>> Thanks
>> -Brad Kramer
>>
>>
>> On 9/1/05 4:02 PM, "Simon Bell" <[log in to unmask]> wrote:
>>
>>
>>> check your speed and duplex? ifconfig on the CAS/CAM
>>>
>>>
>>>>>> [log in to unmask] 9/1/2005 10:17 AM >>>
>>>>>>
>>> Here at Ashland we also had a "successful" rollout of CCA this
>>> fall... We
>>> are currently running 3.5.4, and we have experienced a small hiccup.
>>>
>>> Most users are getting the initial redirect page just fine,
>>> however the
>>> secure web server times out on many requests, and when it does
>>> respond it is
>>> extremely slow....
>>>
>>> Currently we have roughly 1000 users behind an inline CAS.
>>> The CAS is running on a Compaq DL360 3.4ghz with 4G RAM....
>>> I think it is due to high load on the server, because the load
>>> average sits
>>> around 2.5 all day (through slow times and busy times) our RAM is
>>> virtually
>>> untouched...
>>> I have contacts at other universities that are running 5x more
>>> users behind
>>> a single CAS with no problems...... Any suggestions?
>>>
>>> Thanks!
>>>
>>> -------------
>>> Bradley W. Kramer
>>> Network/Telecom Intern.
>>> Ashland University
>>> (419) 289-5630
>>> [log in to unmask]
>>>
>>
>> -------------
>> Bradley W. Kramer
>> Network/Telecom Intern.
>> Ashland University
>> (419) 289-5630
>> [log in to unmask]
>>
-------------
Bradley W. Kramer
Network/Telecom Intern.
Ashland University
(419) 289-5630
[log in to unmask]
|