• Loopback (lo0) interface showing high ipkt/opkt rates. Why?

    From inverasln@gmail.com@21:1/5 to All on Fri Mar 9 15:12:36 2018
    I have a POWER8 server that is running AIX 7.1 (7100-00-03-1115) that I am seeing some odd behavior on the network interfaces, and I'm trying to figure out why. I believe I am seeing excessive packets that are using the loopback (lo0) interface on my system.

    During a low usage period, I reset the interface stats (netstat -Zi) and after a few minutes took a new look at the values. Some addresses have been changed for confidentiality reasons.

    # netstat -in
    Name  Mtu    Network      Address            Ipkts     Ierrs  Opkts     Oerrs  Coll
    en0   1500   link#2       98.be.94.aa.bb.cc  33828     0      18469     0      0
    en0   1500   192.168.28.  192.168.28.148     33828     0      18469     0      0
    en1   1500   link#3       98.be.94.aa.bb.dd  0         0      0         0      0
    en1   1500   10.1.3       10.1.2.3           0         0      0         0      0
    lo0   16896  link#1                          11976309  0      11976300  0      0
    lo0   16896  127          127.0.0.1          11976309  0      11976300  0      0
    lo0   16896  ::1%1                           11976309  0      11976300  0      0


    Unfortunately I am not that well versed in troubleshooting these things so was wondering if anyone had some suggestions or commands I may not be aware of that can help figure out where these packets are coming from and why there are so many hitting the loopback interface in such a short period.

    This system has a client/server package running on it, with an Informix 12.10 FC8 instance operating there. But we have similar systems with the same RDBMS, same O/S, same client/server software and they have nowhere near this many hits on the lo0.

    I believe that there may be a performance issue on the system as a result of this, with some program constantly polling the loopback interface for no reason. I'm trying to pinpoint if this is a symptom of something that is not configured correctly and heading to loopback or localhost instead of where it should be going.

    Would something like tcpdump or iptrace help me here? I've never really used that before and not sure what to look for.

    I appreciate any info you may have on where to start looking or sample commands to try. Thanks.

    Steve

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Steve Nixon@21:1/5 to All on Mon Mar 12 11:50:04 2018
    I think using "tcpdump" gave me my answer. I issued this command on the AIX server that has the high loopback traffic:

    tcpdump -i lo0 -c 100 -n

    Using that, what I saw was several lines showing port 15001 in use. When I checked the /etc/services file, it looks like this is the port being used for the Informix instance. The RDBMS is using TCP socket traffic on this system as opposed to shared memory, and so that may help explain the high loopback values. At least it points me in the right direction.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
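
The manual check described in the last post (capture on lo0, spot the recurring port, look it up in /etc/services) can be tallied automatically. The script below is an added example, not part of either post: the function names are hypothetical, the capture lines are constructed, and it assumes tcpdump prints `src.port > dst.port:` in its `-n` text output.

```shell
#!/bin/sh
# Added example: rank the ports seen in `tcpdump -n` text output.

# Read tcpdump -n lines on stdin; print "count port", busiest first.
top_ports() {
    awk '
    # Return the port suffix of addr.port, or "" when there is none (e.g. ICMP).
    function port(addr,    a, n) {
        n = split(addr, a, ".")
        if ((n == 5 || (addr ~ /:/ && n >= 2)) && a[n] ~ /^[0-9]+$/) return a[n]
        return ""
    }
    {
        for (i = 2; i < NF; i++) if ($i == ">") {
            dst = $(i + 1); sub(/:$/, "", dst)
            if ((p = port($(i - 1))) != "") count[p]++
            if ((p = port(dst)) != "") count[p]++
            break
        }
    }
    END { for (p in count) print count[p], p }' | sort -k1,1nr -k2,2n
}

# Print the TCP service name for port $1 from a services file ($2).
service_name() {
    awk -v p="$1" '$1 !~ /^#/ && $2 == (p "/tcp") { print $1; exit }' \
        "${2:-/etc/services}"
}

# Constructed capture lines (not real traffic): two local clients on
# ephemeral ports talking to one listener on 15001, plus one ICMP line.
sample_capture() {
    cat <<'EOF'
11:50:01.000101 IP 127.0.0.1.48231 > 127.0.0.1.15001: P 1:101(100) ack 1 win 65535
11:50:01.000187 IP 127.0.0.1.15001 > 127.0.0.1.48231: P 1:513(512) ack 101 win 65535
11:50:01.000342 IP 127.0.0.1.48232 > 127.0.0.1.15001: P 1:89(88) ack 1 win 65535
11:50:01.000419 IP 127.0.0.1.15001 > 127.0.0.1.48232: . ack 89 win 65535
11:50:01.000655 IP 127.0.0.1.48231 > 127.0.0.1.15001: . ack 513 win 65535
11:50:01.000910 IP 127.0.0.1 > 127.0.0.1: ICMP echo request, id 7, seq 1, length 64
EOF
}

# Live use on the server: tcpdump -i lo0 -c 100 -n | top_ports
sample_capture | top_ports
```

Because every client connection uses a different ephemeral port while the listener's port appears in every packet, the service port rises to the top of the list and can then be passed to `service_name`.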