Does a GRE tunnel work on a single core?

Hello everyone,

Does a GRE tunnel work on a single core?
Because I am using 150k+ pps on a GRE tunnel and my single core is overloaded.

When a DDoS of 70-80k pps comes from the GRE tunnel, the GRE tunnel CPU is overloaded to 70%.

I am using an i9-9900K processor, and VyOS is installed directly on this dedicated server.

Try to enable RPS:

set interfaces ethernet eth0 offload rps

After that, can the GRE tunnel work on multiple cores?

I tried this, but it got worse.


Could you try to add the following optimisation and compare results?

sudo su -l
echo "ff" > /sys/class/net/tun0/queues/rx-0/rps_cpus

Note: You need to disable HT

Also increase the ring buffers. You can read a bit more about system optimisation at the following link: https://support.vyos.io/en/kb/articles/system-optimization

Do I need to reactivate this again?
"set interfaces ethernet eth0 offload rps"

I get the same results; my CPU is overloaded.

I tried offload rps and echo "ff" > /sys/class/net/tun0/queues/rx-0/rps_cpus; it was not successful.

I will try disabling hyperthreading.

I get a 600k+ pps attack from the GRE tunnel, my tunnel CPU is overloaded, and the network is down.

After disabling hyperthreading, while getting an 850k pps attack from the tunnel,
results:

Hello sir,

My problem still persists.

I am experiencing the same problem on the GRE tunnel, emergency!

Can I get help with my problem? @Dmitry @Viacheslav

Which destination address? Is it the address of the GRE tunnel itself or IP addresses behind the tunnel?
Is the traffic generated from different source IPs, or was the source IP address the same?

I sent my tunnel settings by DM.

I am getting attacks on my prefixes on the tunnel.

The traffic is generated from different source IPs and the destination is my /24 prefixes.

I didn't get an attack on my tunnel IP.

Hello. I am waiting for good news about this problem.
@Viacheslav

I haven't tested it with GRE; not sure, but it can help. Enable some of these offloads:

sudo ethtool -K eth1 gro on
sudo ethtool -K eth1 sg on
sudo ethtool -K eth1 tso on
sudo ethtool -K eth1 lro on

As far as I know, to resolve hardware optimizations for tunnels (RSS, UDP checksum, etc.), a new feature, FOO-over-UDP, is used. T3597

Do you still see load only on one core?
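
Whether receive work still lands on one core can be read from the per-CPU NET_RX counters in /proc/softirqs. The script below is an added example, not part of the original thread or of VyOS; the function names and the sample counters are constructed for illustration.

```shell
#!/bin/sh
# net_rx_share BEFORE AFTER
# Prints "cpuN delta percent" per CPU from two /proc/softirqs snapshots
# (percent is truncated to an integer).
net_rx_share() {
    awk '
        $1 != "NET_RX:" { next }
        FILENAME == ARGV[1] { for (i = 2; i <= NF; i++) before[i] = $i; next }
        {
            total = 0
            for (i = 2; i <= NF; i++) { delta[i] = $i - before[i]; total += delta[i] }
            for (i = 2; i <= NF; i++)
                printf "cpu%d %d %d\n", i - 2, delta[i], (total ? delta[i] * 100 / total : 0)
        }' "$1" "$2"
}

# hot_cpus BEFORE AFTER [LIMIT]
# Prints CPUs that handled at least LIMIT percent (default 80) of NET_RX work.
# Returns 0 when such a CPU exists (receive path bound to one core), else 1.
hot_cpus() {
    net_rx_share "$1" "$2" | awk -v limit="${3:-80}" '
        $3 >= limit { print $1; found = 1 }
        END { exit !found }'
}

# rps_mask N: hex CPU bitmap selecting CPUs 0..N-1 for rps_cpus (N <= 32).
rps_mask() { printf '%x\n' $(( (1 << $1) - 1 )); }

# Constructed snapshots (4 CPUs), not captured from the thread's router.
sample_before() {
    cat <<'EOF'
                    CPU0       CPU1       CPU2       CPU3
      NET_RX:     500000      40000      42000      41000
EOF
}
sample_after() {
    cat <<'EOF'
                    CPU0       CPU1       CPU2       CPU3
      NET_RX:    1400000      70000      72000      71000
EOF
}

tmp=$(mktemp -d)
sample_before > "$tmp/before"; sample_after > "$tmp/after"
net_rx_share "$tmp/before" "$tmp/after"
hot_cpus "$tmp/before" "$tmp/after" 80 && echo "receive path is single-core bound"
echo "rps_cpus mask for 8 CPUs: $(rps_mask 8)"
rm -rf "$tmp"
```

On the router, save the output of `cat /proc/softirqs` twice, a few seconds apart while the tunnel is under load, and pass the two files to `net_rx_share`.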

I will try this now and tell you the results.

I tried this; it still works on a single core.
I think it's a kernel problem.

So I had the same issue.

ATM I’m using e0899b927c0857 build.

Enabling RPS and echoing ff was of no help. For me I get 100% CPU for a single core at around 150kpps inside my tunnel using an E3-1231v3.

I’m able to push ~1.8Mpps outside the tunnel using an intel x520-da1, and this is how my offloading is configured right now:

$ ethtool -k eth0
Features for eth0:
rx-checksumming: on
tx-checksumming: on
        tx-checksum-ipv4: off [fixed]
        tx-checksum-ip-generic: on
        tx-checksum-ipv6: off [fixed]
        tx-checksum-fcoe-crc: on [fixed]
        tx-checksum-sctp: on
scatter-gather: on
        tx-scatter-gather: on
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
        tx-tcp-segmentation: on
        tx-tcp-ecn-segmentation: off [fixed]
        tx-tcp-mangleid-segmentation: off
        tx-tcp6-segmentation: on
udp-fragmentation-offload: off
generic-segmentation-offload: off
generic-receive-offload: off
large-receive-offload: off
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off
receive-hashing: on
highdma: on [fixed]
rx-vlan-filter: on
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: on [fixed]
tx-gre-segmentation: on
tx-gre-csum-segmentation: on
tx-ipxip4-segmentation: on
tx-ipxip6-segmentation: on
tx-udp_tnl-segmentation: on
tx-udp_tnl-csum-segmentation: on
tx-gso-partial: on
tx-sctp-segmentation: off [fixed]
tx-esp-segmentation: on
tx-udp-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off
hw-tc-offload: off
esp-hw-offload: on
esp-tx-csum-hw-offload: on
rx-udp_tunnel-port-offload: on
tls-hw-tx-offload: off [fixed]
tls-hw-rx-offload: off [fixed]
rx-gro-hw: off [fixed]
tls-hw-record: off [fixed]

And ring buffers:

$ sudo ethtool -g eth0
Ring parameters for eth0:
Pre-set maximums:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096
Current hardware settings:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096
$ sudo lspci | grep "Ethernet controller"
01:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)

$ sudo ethtool -i eth0
driver: ixgbe
version: 5.1.0-k
firmware-version: 0x000157e0
expansion-rom-version:
bus-info: 0000:01:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: yes