91 lines
2.1 KiB
Markdown
91 lines
2.1 KiB
Markdown
# TSG.BJ环境:Shaping配置加载问题导致限速失败
|
||
|
||
| ID | Creation Date | Assignee | Status |
|
||
|----|----------------|----------|--------|
|
||
| OMPUB-1074 | 2023-12-05T11:21:42.000+0800 | 刘文坛 | 已解决 |
|
||
|
||
|
||
---
|
||
|
||
测试环境:信息港TSG.BJ
|
||
|
||
描述:
|
||
1、下发并生效正反两条SplitBy 3Mbps策略,测试限速异常,然后Disable策略;新建正反两条FairShare 15Mbps策略,测试发现有2台测试客户端限速正常,第3台测试客户端限速失败。
|
||
!image-2023-12-05-11-20-05-064.png|thumbnail!
|
||
!image-2023-12-05-11-19-43-524.png|thumbnail!
|
||
|
||
2、删除两条FairShare策略,Enable两条SplitBy策略,测试发现三台测试客户端均没有限速效果,且SplitBy策略计数为空。
|
||
**liuchang** commented on *2023-12-05T11:30:30.934+0800*:
|
||
|
||
查看debug信息,firewall配置更新慢与shaping:
|
||
|
||
10:59,shaping更新配置到版本4144;
|
||
|
||
直到11:05,firewall更新配置到版本4144,firewall 更新配置在TSG_OBJ_FQDN表耗时50+秒
|
||
|
||
|
||
|
||
shaping 中maat debug:
|
||
|
||
!image-2023-12-05-11-29-04-988.png!
|
||
|
||
|
||
|
||
firewall中maat debug
|
||
|
||
!image-2023-12-05-11-29-49-122.png!
|
||
|
||
!image-2023-12-05-11-30-03-290.png!
|
||
|
||
!image-2023-12-05-11-30-08-403.png!
|
||
|
||
|
||
|
||
|
||
|
||
---
|
||
|
||
**liuwentan** commented on *2023-12-05T14:20:19.204+0800*:
|
||
|
||
h2. 背景
|
||
|
||
TSG_OBJ_FQDN 为 expr表,可构建的扫描引擎有两种: hyperscan 和 rulescan。当规则数量大于5w 条时,hyperscan 构建耗时1s+,规则越多耗时越大,200w规则构建耗时在1min 左右,而 rulescan 则只需10s。
|
||
|
||
maat所有表的配置更新均在同一个线程中完成,故如果某个表更新的耗时太高,会影响其他表的配置更新时效。
|
||
h2. 解决方案
|
||
|
||
maat在 v4.1.10之后支持按规则数量自动切换扫描引擎,规则量小于5w 时使用 hyperscan 引擎,超过5w 时使用 rulescan。
|
||
|
||
|
||
|
||
---
|
||
|
||
|
||
|
||
## Attachments
|
||
|
||
**47621/image-2023-12-05-11-19-43-524.png**
|
||
|
||
---
|
||
|
||
**47620/image-2023-12-05-11-20-05-064.png**
|
||
|
||
---
|
||
|
||
**47622/image-2023-12-05-11-29-04-988.png**
|
||
|
||
---
|
||
|
||
**47623/image-2023-12-05-11-29-49-122.png**
|
||
|
||
---
|
||
|
||
**47624/image-2023-12-05-11-30-03-290.png**
|
||
|
||
---
|
||
|
||
**47625/image-2023-12-05-11-30-08-403.png**
|
||
|
||
---
|
||
|