I have this little SnapGear firewall. It's a little purpose-built box running a custom Linux, SH4 processor @ 240 MHz, 64 MB of RAM.
Basically how close we are to capacity is a mystery to me. I know I can run top and see the status of all the processes, but how can I see just how much of the processor is going to passing data... and how to estimate when I'm going to need to upgrade, and by tweaking iptables rules, how does that help/hurt the processor.
Suggestions?
-
See what kind of SNMP data is being passed from the device. Log the data using a monitoring suite to get trends.
From moshen -
You can monitor the device's CPU as usual (top, sysstat, sar, etc.), but I think it's highly difficult for you to saturate such a CPU with netfilter (controlled by iptables). It'll be much more likely that you saturate the translation tables (if you do a lot of NAT) or saturate the networking hardware (NICs) from high use of interrupts, etc.
From Ricardo Pardini
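
An added example, not part of the original thread, that puts numbers on what the answers point to: the share of CPU time spent in interrupt and softirq context (where the kernel receives, filters and forwards packets) between two `/proc/stat` snapshots, and how full the connection-tracking (NAT) table is. It assumes a 2.6 or later kernel that reports irq/softirq counters in `/proc/stat` and exposes `nf_conntrack_count` and `nf_conntrack_max` under `/proc/sys/net/netfilter`; the function names and sample values are constructed for illustration, and the irq figure includes non-network interrupts, so treat it as an upper bound.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes a 2.6+ kernel.

# Percent of CPU time spent in hardirq+softirq between two /proc/stat snapshots.
# Aggregate line: cpu user nice system idle iowait irq softirq steal [guest ...]
net_cpu_pct() {
    awk '$1 == "cpu" {
            total = 0
            # Sum user..steal only; guest time is already counted inside user.
            for (i = 2; i <= 9 && i <= NF; i++) total += $i
            busy = $7 + $8
            if (seen++) { dt = total - t0; db = busy - b0 }
            else        { t0 = total; b0 = busy }
         }
         END { if (dt > 0) printf "%d\n", db * 100 / dt; else print 0 }' "$1" "$2"
}

# Percent of the connection-tracking table in use (count and max as integers).
conntrack_pct() {
    [ "$2" -gt 0 ] || { echo 0; return; }
    echo $(( $1 * 100 / $2 ))
}

# Live measurement over INTERVAL seconds (default 5), run on the firewall itself.
live_report() {
    a=$(mktemp); b=$(mktemp)
    cat /proc/stat > "$a"; sleep "${1:-5}"; cat /proc/stat > "$b"
    echo "irq+softirq CPU: $(net_cpu_pct "$a" "$b")%"
    ct=/proc/sys/net/netfilter
    echo "conntrack table: $(conntrack_pct "$(cat $ct/nf_conntrack_count)" "$(cat $ct/nf_conntrack_max)")%"
    rm -f "$a" "$b"
}

# Constructed sample snapshots so the functions can be exercised offline.
SAMPLE_BEFORE=$(mktemp); SAMPLE_AFTER=$(mktemp)
trap 'rm -f "$SAMPLE_BEFORE" "$SAMPLE_AFTER"' EXIT
echo "cpu 1000 0 500 8000 100 50 350 0" > "$SAMPLE_BEFORE"
echo "cpu 1100 0 600 8500 100 100 600 0" > "$SAMPLE_AFTER"
echo "sample irq+softirq CPU: $(net_cpu_pct "$SAMPLE_BEFORE" "$SAMPLE_AFTER")%"
echo "sample conntrack table: $(conntrack_pct 14200 16384)%"
```

Calling `live_report 10` from cron and logging the two percentages gives the trend data needed to judge how close the box is to capacity before and after an iptables rule change.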