IBM REDP-4285-00 2.3.13 tcpdump / ethereal

Chapter 2. Monitoring and benchmark tools 55

Draft Document for Review May 4, 2007 11:35 am 4285ch02.fm

Figure 2-2 iptraf output of TCP/IP statistics by protocol

Figure 2-3 iptraf output of TCP/IP traffic statistics by packet size

2.3.13 tcpdump / ethereal

The tcpdump and ethereal are used to capture and analyze network traffic. Both tool uses the

libpcap library to capture packets. They monitor all the traffic on a network adapter with

promiscuous mode and capture all the frames the adapter has received. To capture all the

packets, these commands should be executed with super user privilege to make the interface

promiscuous mode.

Contents

Main Page Page Page Contents Page Page Page Notices Trademarks Preface How this Redpaper is structured The team that wrote this Redpaper Become a published author Comments welcome Page operating system Page 1.1 Linux process management 1.1.1 What is a process? 1.1.2 Lifecycle of a process 1.1.3 Thread 1.1.4 Process priority and nice level Process priority 1.1.5 Context switching CPU 1.1.6 Interrupt handling Suspend Resume 1.1.7 Process state Processor Zombie processes 1.1.8 Process memory segments Text Data Stack Process address space 1.1.9 Linux CPU scheduler 4285ch01.fm 10 Figure 1-8 Linux kernel 2.6 O(1) scheduler via scheduler_tick() P active expired array[0] array[1] PP P active expired array[0] array[1] PP Parent Child 1.2 Linux memory architecture 1.2.1 Physical and virtual memory Virtual memory addressing layout 32-bit Architecture 64-bit Architecture User space Kernel space 32-bit Architecture 64-bit Architecture User space Kernel space 1.2.2 Virtual memory manager Page frame allocation Buddy system Page frame reclaiming cache and process address space. The page cache is pages mapped to a file on disk. The swap 1.3 Linux file systems 1.3.1 Virtual file system 1.3.2 Journaling 1. write journal logs write File system Journal area 1.3.3 Ext2 Ext2 1.3.4 Ext3 Mode of journaling 1.3.5 ReiserFS 1.3.6 Journal File System 1.3.7 XFS 1.4 Disk I/O subsystem 1.4.1 I/O subsystem architecture 1.4.2 Cache Memory hierarchy Locality of reference Flushing dirty buffer 1.4.3 Block layer Disk Cache Disk Cache Block sizes 1.4.4 I/O device driver SCSI ips qla2300mptscsih 1.4.5 RAID and Storage system st sr_modsd_modsg scsi_mod Upper level driver Mid level driver Device Process Low level driver 1.5 Network subsystem 1.5.1 Networking implementation Socket buffer TCP/IP IPX Appletalk DEVICE NAPI way NAPI way DEVICE Netfilter Netfilter Connection tracking 1.5.2 TCP/IP Connection establishment Chapter 1. Understanding the Linux operating system 31 Draft Document for Review May 4, 2007 11:35 am 4285ch01.fm Figure 1-27 TCP 3-way handshake Client Server 4285ch01.fm 32 Traffic control TCP/IP transfer window CLOSED LISTEN SYN SENT LAST-ACK ESTAB SYN RCVD 1.5.3 Offload 1.5.4 Bonding module 1.6 Understanding Linux performance metrics 1.6.1 Processor metrics 1.6.2 Memory metrics 1.6.3 Network interface metrics 1.6.4 Block device metrics transfers per second metric in conjunction with the kBytes per second value helps you to Page Page Page 2.1 Introduction 2.2 Overview of tool function 2.3 Monitoring tools 2.3.1 top 2.3.2 vmstat 2.3.3 uptime 2.3.4 ps and pstree Page Thread information 2.3.5 free Memory used in a zone 2.3.6 iostat Page 2.3.7 sar 2.3.8 mpstat 2.3.9 numastat 2.3.10 pmap 2.3.11 netstat 2.3.12 iptraf 2.3.13 tcpdump / ethereal tcpdump ethereal 2.3.14 nmon 2.3.15 strace 2.3.16 Proc file system Page 2.3.17 KDE System Guard Work space System Load Process Table Configuring a work sheet Page 2.3.18 Gnome System Monitor 2.3.19 Capacity Manager Page Page 2.4 Benchmark tools 2.4.1 LMbench 2.4.2 IOzone 2.4.3 netperf Page Page 2.4.4 Other useful tools bottlenecks 3.1 Identifying bottlenecks 3.1.1 Gathering information Page 3.1.2 Analyzing the servers performance 3.2 CPU bottlenecks 3.2.1 Finding CPU bottlenecks 3.2.2 SMP 3.2.3 Performance tuning options 3.3 Memory bottlenecks 3.3.1 Finding memory bottlenecks Paging and swapping indicators 3.3.2 Performance tuning options 3.4 Disk bottlenecks 3.4.1 Finding disk bottlenecks vmstat command iostat command 3.4.2 Performance tuning options 3.5 Network bottlenecks 3.5.1 Finding network bottlenecks Page 3.5.2 Performance tuning options Page Page 4.1 Tuning principals 4.1.1 Change management 4.2 Installation considerations 4.2.1 Installation Page 4.2.2 Check the current configuration dmesg Page ulimit 4.2.3 Minimize resource use Daemons Page Page Page Changing runlevels Limiting local terminals 4.2.4 SELinux SELinux Kernel Process User Request Access Grant Access Grant/Deny Access Based on Policy 4.3 Changing kernel parameters Page Page 4.3.1 Where the parameters are stored 4.3.2 Using the sysctl command 4.4 Tuning the processor subsystem 4.4.1 Tuning process priority 4.4.2 CPU affinity for interrupt handling 4.4.3 Considerations for NUMA systems numactl 4.5 Tuning the vm subsystem 4.5.1 Setting kernel swap and pdflush behavior 4.5.2 Swap partition 4.5.3 HugeTLBfs 4.6 Tuning the disk subsystem 4.6.1 Hardware considerations before installing Linux Number of drives Guidelines for setting up partitions 4.6.2 I/O elevator tuning and selection Selecting the right I/O elevator in kernel 2.6 Page Impact of nr_requests Page Impact of read_ahead_kb 4.6.3 File system selection and tuning Using ionice to assign I/O priority Access time updates Select the journaling mode of the file system Block sizes stripe size of the array (or segment in the case of Fibre Channel). The stripe-unit size is the 4.7 Tuning the network subsystem 4.7.1 Considerations of traffic characteristics 4.7.2 Speed and duplexing 4.7.3 MTU size 4.7.4 Increasing network buffers Tuning window sizes Page Impact of socket buffer size 4.7.5 Additional TCP/IP tuning Tuning IP and ICMP behavior Page Tuning TCP behavior Tuning TCP options Chapter 4. Tuning the operating system 133 Draft Document for Review May 4, 2007 11:35 am 4285ch04.fm Figure 4-19 Netfilter rules applied 4.7.6 Performance impact of Netfilter Figure 4-18 No Netfilter rule applied TCP_CRR benchmark TCP_CRR benckmark TCP_CRR benchmark 4.7.7 Offload configuration Impact of offloading Chapter 4. Tuning the operating system 135 Draft Document for Review May 4, 2007 11:35 am 4285ch04.fm Figure 4-21 Throughput degradation by offloading Figure 4-20 CPU usage improvement by offloading cpu usage improvement - default vs offload off 4.7.8 Increasing the packet queues 4.7.9 Increasing the transmit queue length 4.7.10 Decreasing interrupts Page Page Page 4285ax01.fm 140 Hardware and software configurations Linux installed on guest IBM z/VM systems Linux installed on IBM System x servers Three IBM System x x236 servers were configured as shown in TableA-2. Page Page Abbreviations and acronyms 4285abrv.fm 144 Related publications IBM Redbooks Other publications Online resources Page How to get IBM Redbooks Help from IBM Page Index Symbols Numerics A B E F G H I N O P 4285IX.fm 152 Q R S T U V W X Z Page Page Redpaper Back cover INTERNATIONAL TECHNICAL SUPPORT ORGANIZATION Linux Performance and Tuning Guidelines