Some of my servers become unresponsive during traffic spikes (e.g. small DoS/DDoS attacks, which do not max out our connection.)
The servers become unresponsive because of high CPU usage, after running some tests I saw that only one core is being utilized for 100% during a <200Mbps packet flood. The server stopped replying to ICMP echo/ping.
I think the pictures explain them self.
On this machine we use VMQ, there are 7 Vport available. But according to the Intel driver only two are actually in use.
How can we allow VMQ/network stack on the host OS to use more than 1 core?
We've seen similar issues with servers with RSS load balancing, although the load balancing works better there. (spreads over multiple cores.)
Are there any tips to improve RSS load balancing during traffic spikes? We use Intel Xeon E3 systems with 4 cores + Hyper Threading and one Intel Xeon E5 system with 6 cores and Hyper Threading.
We want to keep the server working during traffic spikes and all round keep our latency to the minimum.