Request for help - tcpdump on many ethernet cards simulateneously

Srihari Vijayaraghavan (harisri@bigpond.com)
Fri, 14 Mar 2003 00:51:19 +1100


Hello,

I have a requirement to capture network traffic on 5 Fast Ethernet cards
simultaneously and store it in the local file system using tcpdump utility
(3.7.2 Latest).

I ran some initial tests on RH 2.4.9 based kernel on a test machine with:
2 Xeon 2.8 GHz/512 KB Cache
1 GB RAM
U160 10K SCSI drives on Hardware RAID 1 under Compaq SmartArray controller
(cciss.o)
4 Intel Ether Expro 100 Tx cards (eepro100.o), 1 Broadcom Gigabit (tg3.o)
All connected to a Cisco Fast Ethernet Switch (100 Tx only)

I captured approx 3 million packets of 1500 bytes on each adapter
simultaneously over a period few minutes (it takes about 10 secs to fill up
approx 500 MB in the EXT2 file system). During this period CPU (nearly 100%
utilised), Memory (only few megabytes remained as free, rest all occupied by
cache/buffer) and IO were really busy. The tcpdump utility reported that
kernel hasn't dropped a single packet in that duration, which is a good news.

Is there anyone out there who has done similar work and would like to share
the knowledge about:
1. Kernel version
2. File system used (parameters if any)
3. Network card and driver
4. SCSI/HW RAID controller card and driver
5. Tunning parameters for any sub-system if any
6. Any advise in general (don't use more than 1 GB RAM, use XFS, use aa/rmap,
use 2.5 :-) etc..)

What I am really worried about is kernel may start dropping the packets after
few hours/days and/or tcpdump/kernel may not be able to keep up with the
network load due to IO load on the hard drives, memory pressure etc..

Are there any known bad effects on a 4 GB RAM configuration? (the production
system will have 4 GB RAM)

By tomorrow I will have the opportunity to run it for few hours and see if it
misbehaves (on 2.4.18-RH-latest and 2.4.20/21-pre. -aa if possible). I could
also capture vmstat etc..

Thanks for your help.

-- 
Hari
harisri@bigpond.com

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/