Author: lechuck park

AI Infrastructure Architect & Technical Visualizer "Complex Systems, Simplified. I translate massive AI infrastructure into visual intelligence." I love to learn computer tech and help people by the digital.

interrupt and ksoftirqd

Posted on by lechuck park

In linux, The procedure of interrupts is divided by  The Top half and The Bottom half.

  • Top half
    • mainly transfer data to repository for processing data like calling API with parameter in the programming.
    • on example, network card received packet , and then will trigger proper interrupt after storing packet data at memory somewhere in the NIC.
    • Uninterruptible by OS.
  • Bottom half
    • working .. working ..
    • can be interruptible.
      • ksoftirq calls when bottom half is too long to process queued other interrupts(the top half).
      • You can see that ksoftirqd keep CPU high when the bottom half which run too long time is working .

 

(further) need to explain with kernel source.

Spark 2.1.0 on CentOS 6.8 Installation ….procedure

Posted on by lechuck park

This page is for installation Setup Spark on CentOS 6.8 . the final goal is all removing WARN/ERROR after starting pyspark on my machie. so. you cant get enough information. but I hope that it will help you.

below is my WARN message when I started pyspark ( in spark-2.1.0-bin-hadoop2.7.tgz ).

17/03/02 06:50:58 WARN NativeCodeLoader: Unable to load native-hadoop library for your platform… using builtin-java classes where applicable
17/03/02 06:50:58 WARN Utils: Your hostname, localhost.localdomain resolves to a loopback address: 127.0.0.1; using 211.58.253.190 instead (on interface eth2)
17/03/02 06:50:58 WARN Utils: Set SPARK_LOCAL_IP if you need to bind to another address
/home/lechuck/SPARK/spark-2.1.0-bin-hadoop2.7/python/pyspark/context.py:194: UserWarning: Support for Python 2.6 is deprecated as of Spark 2.0.0
warnings.warn(“Support for Python 2.6 is deprecated as of Spark 2.0.0”)
17/03/02 06:51:02 WARN ObjectStore: Failed to get database global_temp, returning NoSuchObjectException

# Java update.

17/03/02 06:42:29 WARN SparkContext: Support for Java 7 is deprecated as of Spark 2.0.0

# java -version
java version “1.7.0_131”

# yum list | grep jdk

…………….

# yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel

………………

# java -version
openjdk version “1.8.0_121”
OpenJDK Runtime Environment (build 1.8.0_121-b13)
OpenJDK 64-Bit Server VM (build 25.121-b13, mixed mode)

# Set Envinroment SET_LOCAL_IP

17/03/02 06:50:58 WARN Utils: Your hostname, localhost.localdomain resolves to a loopback address: 127.0.0.1; using 211.58.253.190 instead (on interface eth2)

17/03/02 06:50:58 WARN Utils: Set SPARK_LOCAL_IP if you need to bind to another address

# mv spark-env.sh.template spark-env.sh ( on spark conf directory)

# vi spark-env.sh

# – SPARK_LOCAL_IP, to set the IP address Spark binds to on this node
export SPARK_LOCAL_IP=127.0.0.1              <<< add this

# ./spark-env.sh

# For Python 2.7  ( Skipped installation Python 2.7. It will be easy with configure/make/make install with tarball )

/home/lechuck/SPARK/spark-2.1.0-bin-hadoop2.7/python/pyspark/context.py:194: UserWarning: Support for Python 2.6 is deprecated as of Spark 2.0.0
warnings.warn(“Support for Python 2.6 is deprecated as of Spark 2.0.0”)

# python -V
Python 2.6.6

# vi ~/.bashrc

alias python=/usr/local/bin/python2.7

# . ~/.bashrc                     << no need to do it from next login 

# Hadoop ( NOT YET )

17/03/02 07:24:45 WARN NativeCodeLoader: Unable to load native-hadoop library for your platform… using builtin-java classes where applicable

# global temporary view ( NOT YET )

17/03/02 06:51:02 WARN ObjectStore: Failed to get database global_temp, returning NoSuchObjectException

Did you see TCP Window zero..case?

Posted on by lechuck park

As you know, TCP use buffer to arrange received Data from other peer every each TCP connection. and at that time, TCP windows is for notification to other peer about available buffer size right now for itself TCP connection.

Sometime you can see TCP Window = zero packet when you analysis raw packet with wireshark like..

I am Sure These below is not all case for TCP window Zero.. but when I get a new idea. I will update this writes.

  1. Too Many Request .. Server cant process received request right now.
    1. so send TCP Window zero…for notify ” PLZ dont send packet anymore.. wait!!”
  2. Too Delay(Problem) on Network State for this TCP connection.
    1. Big Sequence number.. but I didn’t get former sequence packet.
      1. network problem or threat… It can’t be avoid .. on TCP Protocol..

and link…..

https://wiki.wireshark.org/TCP%20ZeroWindow

 

How about remove old data from mysql.

Posted on by lechuck park
  1. check Event ON state.

    show variables where Variable_name like ‘%event%’;

  2. if not set ON

    SET GLOBAL event_scheduler = ON;

  3. Example for Event Job – delete data which was inserted over a week ago.

    delimiter |
    CREATE EVENT IF NOT EXISTS <#event_name>
    ON SCHEDULE
    EVERY 1 DAY
    DO
    BEGIN
    delete from <#table_name> where stime < DATE_SUB(NOW(), INTERVAL 7 Day );
    END |
    delimiter ;

  4. check Event

    select EVENT_DEFINITION from information_schema.events where event_name='<#event_name>’;

  5. check Event state

    show events from <#database name>

  6. How to backup to csv. ( how about adding this event before delete.. with where phase) – this example is not concerned with  event example on this page.

  7. SELECT order_id,product_name,qty
    FROM orders
    INTO OUTFILE ‘/tmp/orders.csv’
    FIELDS TERMINATED BY ‘,’
    ENCLOSED BY ‘”‘
    LINES TERMINATED BY ‘\n’;

How to send TCP_RST to Block HTTP_REQ.

Posted on by lechuck park

# This is the part for the solution that blocked abnormal HTTP GET.

the below is summary of network architecture.

  1. Get mirrored packet from TAP switch is located Backbone-Router and border’s.
  2. Only get HTTP Get Packet with DPI Switch(Arista). used match TCP Payload
    1. Arista Switch can stir the packet have HTTP Get string.
  3. Server check if the packet is matched with Src/Dst IP and port and having HTTP_GET.
  4. Send RST packet with Seq/Ack/Payload len of HTTP_Get Packet.
    1. use RAW_PACKET socket.
    2. Source is internal IP which must be protected and Destination is External(abnormal HTTP site).
    3. RST packet is Source is External IP and..Destination is Source IP
    4. Seq is from Ack ( on External,Destination)
    5. Ack is from Seq + Payload len ( on Internal, Source)
    6. tcp flag is RST | ACK
    7. IP identification is don’t cared. ( It can be also adjusted if possible to get whole packet, On this page, only get HTTP Get packet, so cant know passed packet )
    8. TCP windows : htons (4500) + rand() % 1000 ( also. not mandatory )
    9. Need to send RST packet ASAP after receiving the HTTP_GET packet via ethernet port which can access to Internal IP Machine.
    10. below is some code for..

// ack is from TCP seq value, seq is from TCP ack value from Internal -> External HTTP_GET packet , payload_len is ip_total_len – ip_header_len – tcp_header_len

ack = ntohl(ack) + payload_len;
ack = htonl(ack);

tcpheader->th_seq = seq;
tcpheader->th_ack = ack;

When IP Duplication is made?

Posted on by lechuck park

I developed TCPIP stack concerned program … during many years.  and I implemented IP Duplication Checking Logic. Just Checked IP identification is same or not when 2 tuple( source IP, Destination IP)  is *same. But… I didn’t think about it in detail. “When IP Duplication is invoked?”

* IP Identification Field. – It is kinds of Unique-Sequence number on Same Source-Destination IP.

First. I can’t find any clues  about  “IP Duplication case” in IP Header .and I could find TCP Duplication easily but. Not easy to find “IP Duplication case”.

but. Finally

https://tools.ietf.org/html/rfc6864#section-3.1

you can find this …

Other uses have been envisioned for the IPv4 ID field.  The field has
   been proposed as a way to detect and remove duplicate datagrams,
   e.g., at congested routers (noted in Section 3.2.1.5 of [RFC1122]) or
   in network accelerators.  It has similarly been proposed for use at
   end hosts to reduce the impact of duplication on higher-layer
   protocols (e.g., additional processing in TCP or the need for
   application-layer duplicate suppression in UDP).  This is discussed
   further in Section 5.1.

please check these words.. ‘congested router’ , ‘network accelerators’..

Could you guess  ‘congested router’ , ‘network accelerators’. how it works? I will avoid to mention about details about this device. but .. I assume they have buffer for control packets.

“Having Buffer” means it can make copied packet for more faster.. for more reliable .do you make sense ? … Yes. these kind of network device can send same packet again and again if They found have some problem of sending packet… But sent packet could reach destination even though that packet are considered as wrong packet.. because.. Receiver (deliver) cant know this packet is wrong or not…just will process it.

So. on TCPIP Stack Implementation. IP Duplication Checking is MUST.

That’s all… My Guess can be wrong in details.  but I convince that It almost right.  Sorry .. but My Recommendation is that You must think about it with your story if you hope to understand it.. and You will get the insight.

* IP identification  field on (Source/Destination IP is same ) can also same when IP packet is fragmented ( by Network Device which is located in Network Path ). It will also be written in the future.