Hi, I tried the following for each ksoftirqd PID:
# chrt -f -a -p 99 $pid "top" now reports that the ksoftirqd priorities are all "rt" (real-time). I then test-stressed the Shorewall system by running this: # stress --cpu 8 --timeout 60 This brought all my cores to nearly 100% usage: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 16096 root 20 0 7248 96 0 R 99.0 0.0 0:16.39 stress 16101 root 20 0 7248 96 0 R 99.0 0.0 0:16.32 stress 16098 root 20 0 7248 96 0 R 98.7 0.0 0:16.06 stress 16097 root 20 0 7248 96 0 R 98.3 0.0 0:15.40 stress 16095 root 20 0 7248 96 0 R 97.7 0.0 0:16.08 stress 16099 root 20 0 7248 96 0 R 97.0 0.0 0:16.30 stress 16094 root 20 0 7248 96 0 R 96.4 0.0 0:16.23 stress 16100 root 20 0 7248 96 0 R 91.1 0.0 0:15.95 stress During this time span I could not detect any network lags -- everything was responsive (pings to shorewall FW, pings between hosts in different zones, etc.). However, whenever I run "shorewall reload" and get 100% cpu usage only in one core, I observe important network lags when pinging between hosts (only during the reload). I know Shorewall reconfigures several things when reloading, but is this enough to explain this slowdown? Even the ssh session I'm connected to on the FW while reloading slows down considerably. Vieri _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
