New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
What's happening with my vps bw
Hi,
I have buyvm 512 and hosting small vbb forum (10-20) concurrent users. This vps hosting script only, database is put at buyvm offload server.
Here is my site awstats:
!(http://i.imgur.com/m0noN.png)
Today is 15th and my BW goes over 2TB and i have to purchase 1TB addon. But BW still increasing crazy. I dont know why. DDOS? No, i put my site after buyvm protection service. Who want to visit my site must go through: cloudflare proxy > buyvm ddos protection > my site.
I cant find reason for BW increasing crazy like that. I sent ticket but Athony say their BW count is fully accurate.
Please help me find the reason. There are no any large files on this vps (max is: 1MB, i think so, it's just vbb script).
Comments
Check your access logs.
First things first, check whether any programs are running high bw activity... I suggest using Nethogs (or something similar) to check currently active programs/connections.
Does your VPS do any nameserver stuff?
@jhadley: tks, i looking into it but hard to determine what happening
@telephone: tks, will try
@Damian: no, just nginx and php-fpm
I run this command in 30s and here is result:
1165 packets captured
37456 packets received by filter
36286 packets dropped by kernel
install iftop and run iftop -n and check wich IP(s) are using lots of bandwidth
Trying to install but get error
checking where to find pcap.h... no idea
configure: error: can't find pcap.h
You're not going to get very far without libpcap.
checking where to find pcap.h... no idea
configure: error: can't find pcap.h
You're not going to get very far without libpcap.
Iftop is a major pain in the butt to configure. You should try installing vnstat, then using vnstat -l to see live info on input/output bitrate/pps.
iftop is easy... lol
just get he rpm if ur on centos, or do apt-get install iftop if ur on debian/ubuntu
EPEL has Iftop, fyi, and htop, and many others... Just something worth noting for future reference there guys..
@Francisco: hope you help me
@JTR @joodle: try to install both vnstat and iftop but when i run command to show what happning it appears error :
iftop
interface: sit0
Unable to get IP address for interface: sit0
ioctl(SIOCGIFADDR): Cannot assign requested address
MAC address is: 00:00:00:00:00:00
pcap_open_live(sit0): sit0: That device is not up
vnstat -l
Monitoring eth0... (press CTRL-C to stop)
getting traffic...Error: Unable to get interface "eth0" statistics.
Error: Interface "eth0" not available, exiting.
eh, You need to specificy to vnstat what interface you are monitoring, Use ifconfig to show you your interfaces.
The interfaces with the highest traffic is usually your primary one.
If you're on OpenVZ try these:
vnstat -l -i venet0iftop -i venet0vnstat -l -i venet0
Monitoring venet0... (press CTRL-C to stop)
rx: 6.57 Mbit/s 594 p/s tx: 216 kbit/s 303 p/s
venet0 / traffic statistics
--------------------------------------+------------------
bytes 8.89 MiB | 370 KiB
--------------------------------------+------------------
max 6.57 Mbit/s | 336 kbit/s
average 2.91 Mbit/s | 118.40 kbit/s
min 0 kbit/s | 0 kbit/s
--------------------------------------+------------------
packets 6697 | 3550
--------------------------------------+------------------
max 594 p/s | 316 p/s
average 267 p/s | 142 p/s
min 1 p/s | 1 p/s
--------------------------------------+------------------
time 25 seconds
^ Those guys are correct, on OpenVZ you need to specify the correct interface.
`vnstat -l -i venet0
Monitoring venet0... (press CTRL-C to stop)
rx: 3.18 Mbit/s 297 p/s tx: 228 kbit/s 161 p/s
venet0 / traffic statistics
--------------------------------------+------------------
bytes 22.79 MiB | 849 KiB
--------------------------------------+------------------
max 8.66 Mbit/s | 364 kbit/s
average 2.83 Mbit/s | 102.91 kbit/s
min 0 kbit/s | 0 kbit/s
--------------------------------------+------------------
packets 17065 | 8737
--------------------------------------+------------------
max 787 p/s | 411 p/s
average 258 p/s | 132 p/s
min 0 p/s | 0 p/s
--------------------------------------+------------------
time 1.10 minutes
`
@Kuro @Jack: result posted above, is it normal
use
@ErawanArifNugroho : vnstat --iflist
Available interfaces: lo sit0 tunl0 gre0 venet0
@Jack: can i pm you result of tcpdump -n
never mind
oh mstk
Not if he's using mod_cloudflare
If you're holding upwards of 7 - 10mbit/sec constantly out then the bandwidth adds up
A year ago when we rewrote our whole bandwidth accounting we had a bunch of screw ups but they were obvious ones (like people would suddenly use 20TB in a single day on an idle VM). The errors were due to how PHP calculated numbers.
I fixed the issues back then and have spent a lot of time since then testing and retesting just to make sure we weren't having any rounding errors or the likes.
The statistics are fully accurate (usually to the byte even).
The filtered IP just stops bad types of traffic (major syn floods, large UDP floods etc), it isn't smart enough yet to start looking for malware like cloudflare. I've thought about using squid but I fear i'd gobble a lot of CPU doing that
We'll see.
Francisco
myql is on another server ?
Yeap you're right, only Apache will see the real IPs.
I love how you make things from scratch for BuyVM
I authorize you a raise!
So there's many interfaces, for monitoring it using vnstat, let's add it to the database :
tcpdump -tnn -c 20000 -i eth0 | awk -F "." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | awk ' $1 > 100 'That will get you a list of the top 10 talkers.