very high traffic without any load

Thu May 2 21:56:21 CEST 2019

Are you sure that traffic isn't loopback to itself?

I'm not %100 sure but I've seen something like this before where it seems a
ton of traffic was going over a nic but it was localhost or loopback so it
was communication to itself that was causing high numbers.

On Thu, May 2, 2019, 3:51 PM Absolute Truth <requiredtruth at gmail.com> wrote:

> You could always run a wireshark on the line and watch the traffic
> directly.
>
> On Thu, May 2, 2019, 3:48 PM Christopher Klinge <Christ.Klinge at web.de>
> wrote:
>
>> I will test this ASAP, but can you elaborate as to why this would happen?
>> If there is no payload traffic in the VPN, there should be no reason to
>> query for IP addresses. And if tinc switches do query for addresses without
>> cause, why would they query for each possible address individually? When an
>> entire subnet is assigned to one node, shouldn't that suffice? Even if two
>> nodes had the same subnet assigned to them, a switch should simply
>> multicast to both peers to find the target of a connection. Am I missing
>> something important?
>>
>> *Gesendet:* Donnerstag, 02. Mai 2019 um 20:38 Uhr
>> *Von:* "Absolute Truth" <requiredtruth at gmail.com>
>> *An:* tinc at tinc-vpn.org
>> *Betreff:* Re: Re: very high traffic without any load
>> I suspect your /64.. try giving a single address to two seperate machine
>> so one single addresses for each. /32 . Then check your traffic. Tinc is a
>> mesh network. If you give it millions of addresses. Then its probably
>> checking each one.
>>
>> On Thu, May 2, 2019, 2:06 PM Christopher Klinge <Christ.Klinge at web.de>
>> wrote:
>>
>>> Good evening,
>>>
>>> all of my servers where set up fresh with no other applications running
>>> besides tinc and my ssh sessions. I just double checked and those are the
>>> two only processes on my machines that have active sockets. Additionally,
>>> the SSH sessions do not go through the VPN, but are set up directly to the
>>> machines. Does tinc provide a way for differentiating between between meta
>>> and payload traffic?
>>>
>>> Kind regards and thanks for your time,
>>> Christopher
>>>
>>> *Gesendet:* Mittwoch, 01. Mai 2019 um 23:29 Uhr
>>> *Von:* "Lars Kruse" <lists at sumpfralle.de>
>>> *An:* tinc at tinc-vpn.org
>>> *Betreff:* Re: very high traffic without any load
>>> Hello Christopher,
>>>
>>>
>>> Am Wed, 1 May 2019 12:37:33 +0200
>>> schrieb "Christopher Klinge" <Christ.Klinge at web.de>:
>>>
>>> > There is however a large amount of management traffic which I assume
>>> should
>>> > not be the case.
>>>
>>> indeed - I never noticed an unreasonable amount of tinc management
>>> traffic
>>> with any of my setups.
>>>
>>> How exactly did you verify, that tinc meta traffic is really the culprit?
>>> Did you compare the traffic over your uplink interface with the traffic
>>> over the tinc interface?
>>> Maybe there is just a huge amount of payload traffic exchanged between
>>> the
>>> nodes over the tinc VPN?
>>> Since you are using "switch" mode, this could even be broadcast traffic.
>>>
>>> Cheers,
>>> Lars
>>> _______________________________________________
>>> tinc mailing list
>>> tinc at tinc-vpn.org
>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>> _______________________________________________
>>> tinc mailing list
>>> tinc at tinc-vpn.org
>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>
>> _______________________________________________ tinc mailing list
>> tinc at tinc-vpn.org https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>> _______________________________________________
>> tinc mailing list
>> tinc at tinc-vpn.org
>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20190502/ae4e2762/attachment.html>