Forum Discussion

D__Charles_Shid's avatar
D__Charles_Shid
Icon for Nimbostratus rankNimbostratus
Jul 19, 2010

iRules, CPU, and breaking the world

Hi all!

 

 

I can't believe I'm about to ask this question; I've been looking most of today and wouldn't you know it, pretty much every single bit of iRule design and engineering, from the rules themselves down to the guts of the engine, have to do with making them consume as little CPU as possible. So that makes this even weirder:

 

 

I have to find a way to make an iRule eat the system. Like, not in a small way. I need to make one that's deliberately broken to cause both a CPU0 overload, and a total system overload, to drive both utilizations, independently, to 100%. It's for a set of monitoring tests that are kind of untried, but need validation.

 

 

How could one accomplish this? Thanks!

 

application delivery
dev
devops
iRules

4 Replies

Sort By
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Jul 22, 2010
    I got one of these from someone internally, it really cooked my CPU, helped when I was building out the CPU cacti templates for v10: 

    
when CLIENT_ACCEPTED {
  after 1 -periodic {
    set i 0
    while { $i < 150 } {
      sha512 [expr [expr 188888 * rand()] / 8675309]
      incr i
     }
   }
  TCP::collect
}
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jul 19, 2010
    I think TMM will get restarted after it gets too busy to answer heartbeats. How long are you trying to keep CPU1 (or the TMM CPU(s)) highly utilized? A simple way to trigger a TMM restart would be to increment a counter forever: 

    
when CLIENT_ACCEPTED {

   set i 0
   while {1} {
      incr i
   }
}

    Aaron
  • L4L7_53191's avatar
    L4L7_53191
    Icon for Nimbostratus rankNimbostratus
    Jul 19, 2010
    You'll know that you're starting to constrain when you see 'clock skipped xxx ticks' messages in /var/log/ltm. They indicate a CPU constraint and generally mean that you're in trouble. Crash away!

     

     

    -Matt
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Jul 19, 2010
    Now this is a fun one. If you really want to stress out the TMM, you need to do something that's CPU intensive but doesn't block and thus cause a restart. In thinking to our optimization list on iRules and reversing it, I came up with these two items that could make things fun.

    1. Use very large variables.

    2. Use regular expressions.

    I think the following iRule does just that. It creates a string of numbers from 0-9 repeated 10k times (for a total of a 100k string). It then uses the credit card scrubber iRule to traverse that string.

    when HTTP_REQUEST {
  set s [string repeat 0123456789 10000]
  set regex {(?:3[4|7]\d{2})(?:[ ,-]?(?:\d{5}(?:\d{1})?)){2}|(?:4\d{3})(?:[ ,-]?(?:\d{4})){3}|(?:5[1-5]\d{2})(?:[ ,-]?(?:\d{4})){3}|(?:6011)(?:[ ,-]?(?:\d{4})){3}}
    set idx [regexp -all -inline -indices $regex $s];
    HTTP::respond 200 content "regex completed";
}

    Now, that in itself won't lock things up as it seems to return sub-second for me. You will now have to throw in a script that queries the virtual the iRule is running on. ApacheBench (ab) is installed on the BIG-IP and you can easily use that. Point it at your virtual for a couple hundred thousand requests or so and it seems to drive the TMMs right up to the 100% mark.

    ab -c 10 -n 10000 http://virtualserver/

    Just plug in the external virtual address of your virtual server into virtualserver and you are set to go. Feel free to increase the numbers if you want to test to run longer.

    Just don't tell product support we recommended this B-).

    -Joe