Hi Lars, Am 20.03.20 um 15:43 schrieb Lars Kruse: > Did you really try the nice visualizations in the "Statistics" menu? > These should allow you to see, which protocols and which peers cause the > traffic. > > I am slightly confused, that you already took a look at the traffic, but you > did > not mention, which type of traffic makes up the bulk of the excessive packets > you encountered. You mentioned "a few SSDP packages", but nothing else. > > Or did I just overlook it in your emails? > > Happy traffic hunting! > > Lars > _______________________________________________
yeah, I had a look at all packages, but there are only very few packages on the virtual tinc link, but a huge amount of packages on the Ethernet link. When I tcpdump the packages on the ethernet link and on the tinc link at the same time I see only as few as 100 packages per second (or less) but more than 3000 packages per second on the ethernet link that I can relate to tinc. So, I came to the conclusion that this high amount of traffic on the ethernet link is not directly correlated to the actual virtual traffic, because in other situations, when there is acutally load on the tinc network, I see only a very moderate rise of the number of packages on the ethernet link. So, although I do not know much about the tinc internals, under normal circumstances the number of packages on ethernet vs those on the virtual tinc adapter seem to correlate linearly. This is clearly not the case during those high traffic events. My current mitigation is to stop some tinc peers for ten seconds and to start them again afterwards, that usually causes the excessive traffic to stop without interrupting service too much. Cheers, Maximilian
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tinc mailing list tinc@tinc-vpn.org https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc