Gre tunnel work on single core?

hello everyone

gre tunnel work on single core ?
because i using +150kpps on gre tunnel and my single core overloaded

when ddos is come from gre tunnel 70-80k pps gre tunnel cpu overloaded to %70

i using i9-9900k processor and vyos directly installed to this dedicated server

Try to enable rps

set interfaces ethernet eth0 offload rps

after gre tunnel can work on multi core ?

i tried this but it got worse

image

Could you try to add the following optimisation and compare results?

sudo su -l
echo "ff" > /sys/class/net/tun0/queues/rx-0/rps_cpus

Note: You need to disable HT

Also increase ring buffers. Bit more about system optimisation you can read by the following link System optimization - Knowledgebase / General / System Settings - VyOS

i need to reactive again this ?
“set interfaces ethernet eth0 offload rps”

i get same results my cpu overloaded

i tried offload rps and echo “ff” > /sys/class/net/tun0/queues/rx-0/rps_cpus its not successfuly

i will try disable hyperthreading

i get +600k pps attack from gre tunnel and my tunnel cpu overloaded network down

after disable hyperthreading on getting 850k pps attack from tunnel
results;

hello sir

my problem still next

i live same problem on gre tunnel, emergency!

can i get help about my problem ? @Dmitry @Viacheslav

Which address destination? Is it address of gre tunnel itself or ip adressses behind tunnel?
Is traffic generated from different source ip or source IP address was same?

i send my tunnel settings on dm

getting attack to my prefixes on tunnel

is traffic generater from different source ip and destination my prefixes /24

i didnt get attack to my tunnel ip

hello. i waiting good news about this problem
@Viacheslav

I don’t test it with gre, not sure but it can help. Enable some of these offloads.

sudo ethtool -K eth1 gro on
sudo ethtool -K eth1 sg on
sudo ethtool -K eth1 tso on
sudo ethtool -K eth1 lro on

As I know to resolve hardware Optimizations for tunnels rss/udp checksum/ etc. used a new feature FOO-over-UDP. T3597

Do you still see load only on one core?

i will try this now and tell you results

i tried this still work on single core,
i think its a kernel problem