Hi,

So I have been using ganglia without problems for a while, and it seems excellent. The other day the network administrator calls up and asks why we are using so much (15%) of his bandwidth, stating that he noticed some weird traffic that was flatlining and therefore didn't look like normal network usage.

Now, I traced this to ganglia's multicast, which I have had to disable. But I have a few questions:

* Is it normal to produce this much traffic? Can I set the interval on broadcasts to be much higher or something?
* Now, I'm pretty sure most of the traffic is coming from the workstations, as most of the cluster is behind another NIC connected to our server and not able to even see the internet. Multicast traffic won't be copied over the NIC since there is no NAT for the cluster, right?
* So that leaves the workstations. A firewall box does NAT for the workstations, but both NICs of the firewall are connected to the same switch (run by the network administrator), with one connecting a true internet IP and the other on our local subnet. Now, I tried dropping the multicast packets using iptables, but no log messages show up with dropped packets. So I started thinking, maybe the switch is routing the multicast packets before they even get to the firewall, so it's not even possible to drop them there. Is that the case? Or can I filter them using iptables, and if so what is the correct line to include in the NAT script (I use the iptables script found at http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.html#RC.FIREWALL-2.4.X-STRONGER)?

I'm still getting my head round this multicast thing, so apologies if this is obvious.

Many thanks,
James

