poudenes
By:
poudenes

Firewall block IP but high CPU and Swap usage

March 7, 2017 685 views
Firewall Security DigitalOcean CentOS

Hi All,

Since half February i see a increase of CPU, Memory and IO usage. Now i check the syslog and used HTOP to compare

When a high usage if CPU, Memory happen. Memory get full and SWAP File is growing at same moment i see Firewall blocking lines popup in Syslog.

When is over, CPU, Memory and SWAP file usage is going low to normal.

Can i do something about this? So the VPS is not using all the time so much CPU, Memory and Swap file? Or is it normal behaviour and there are no worries?

Thanks Peter

Mar 07 10:47:05 sentora.oudenes.photography kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=04:01:3d:0c:fc:01:84:b5:9c:fa:08:30:08:00 SRC=196.202.112.185 DST=188.166.53.85 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=3518 PROTO=TCP SPT=5580 DPT=23 WINDOW=10996 RES=0x00 SYN URGP=0
Mar 07 10:47:15 sentora.oudenes.photography kernel: Firewall: UDP_IN Blocked IN=eth0 OUT= MAC=04:01:3d:0c:fc:01:84:b5:9c:fa:10:30:08:00 SRC=89.163.242.107 DST=188.166.53.85 LEN=444 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=5209 DPT=5060
Mar 07 10:48:27 sentora.oudenes.photography kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=04:01:3d:0c:fc:01:84:b5:9c:fa:10:30:08:00 SRC=88.249.100.122 DST=188.166.53.85 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=23409 PROTO=TCP SPT=4883 DPT=2323
Mar 07 10:48:41 sentora.oudenes.photography kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=04:01:3d:0c:fc:01:84:b5:9c:fa:08:30:08:00 SRC=179.178.243.102 DST=188.166.53.85 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=39406 PROTO=TCP SPT=18666 DPT=23
Mar 07 10:50:00 sentora.oudenes.photography kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=04:01:3d:0c:fc:01:84:b5:9c:fa:10:30:08:00 SRC=117.45.132.172 DST=188.166.53.85 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=11653 PROTO=TCP SPT=46288 DPT=7547
Mar 07 10:51:04 sentora.oudenes.photography kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=04:01:3d:0c:fc:01:84:b5:9c:fa:08:30:08:00 SRC=120.68.220.194 DST=188.166.53.85 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=54819 PROTO=TCP SPT=15813 DPT=23
Mar 07 10:52:12 sentora.oudenes.photography kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=04:01:3d:0c:fc:01:84:b5:9c:fa:08:30:08:00 SRC=185.67.100.133 DST=188.166.53.85 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=24249 PROTO=TCP SPT=20390 DPT=23 WINDOW=49493 RES=0x00 SYN URGP=0

1 Answer

@poudenes

Generally, since DigitalOcean uses SSD's, a swap file isn't recommended. Since swap uses disk to make up for the lack of RAM, once you begin hitting swap, CPU % is going to skyrocket as the load comes from the increased disk utilization.

The increased CPU % will often be a combination of heavy swap usage as well as higher wait time as a result -- this means the CPU load is high enough to where it's having to wait on other processes to finish up before another can be put through.

In such a case, you may actually need to upgrade your Droplet so that you have more CPU and RAM available to cope with said load.

  • Not to mention that you shouldn't be using a swap file on a VPS, specifically an SSD one. The SSDs can only handle so many writes before dying and if everyone starts using swap files it harms those disks and causes performance issues. The disks begin failing and DigitalOcean Engineers have to go in and replace them and keep up with failure rates. The best solution is to pay just a little bit more money and get more RAM for your droplet :)

Have another answer? Share your knowledge.