All work
- Improve alarmd Drools engine performance by using STREAM modeNMS-12455Resolved issue: NMS-12455Jesse White
- Enable downtime model-based node deletion to happen when unmanaged interfaces existNMS-12442Resolved issue: NMS-12442Benjamin Reed
- Ticket-creating automations are incorrectly enabled by defaultNMS-12439Resolved issue: NMS-12439Christian Pape
- Associate exporter node using Observation Domain IdNMS-12435Resolved issue: NMS-12435Christian Pape
- Add system test for IpfixTcpParserNMS-12434Resolved issue: NMS-12434fooker
- Classification Engine: The end of the range is excluded, which is not intuitiveNMS-12433Resolved issue: NMS-12433Markus von Rüden
- Classification UI: Error responses are not shown properlyNMS-12432Resolved issue: NMS-12432Markus von Rüden
- Cannot define a specific layer in topology app URLNMS-12431Resolved issue: NMS-12431Markus von Rüden
- Classification Engine reload causes OOM when defining a bunch of rulesNMS-12429Resolved issue: NMS-12429Markus von Rüden
- Allow telemetry flows to balance across Kafka partitionsNMS-12427Resolved issue: NMS-12427Jesse White
- Wrong links in the Help/Support pageNMS-12418Resolved issue: NMS-12418Ronny Trommer
- possible issue in JCIFS Monitor - contiously increase of threads - finally heap dumpNMS-12407Resolved issue: NMS-12407Christian Pape
- Refactoring of the Cassandra installation instructionsNMS-12397Resolved issue: NMS-12397Marcel Fuhrmann
Classification Engine reload causes OOM when defining a bunch of rules
Description
Acceptance / Success Criteria
Lucidchart Diagrams
Details
Assignee
Markus von RüdenMarkus von Rüden(Deactivated)Reporter
Markus von RüdenMarkus von Rüden(Deactivated)Sprint
NoneFix versions
Priority
Major
Details
Details
Assignee
Reporter
Sprint
Fix versions
Priority
MajorPagerDuty
PagerDuty
PagerDuty
Activity
Markus von RüdenDecember 4, 2019 at 1:53 PMEdited
The way the classification engine works internally is, that all rules are mapped to actual ports, even if they define a range of port. The idea behind this is, that while classifying an incoming request the ports are known and the lookup is very fast (only 2 lookups -> src & dst ports).
A Rule on the other hand is converted to a list of matchers.
A rule defining a port, protocol and ip address is converted to 3 matchers, where each is determing if parts of the incoming request match:
is port matching
is protocol matching
is ip matching
Internally, if a rule is defining a port range, let's say 1-65535 the rule is duplicated 65535 times (resulting in a total of 65536 rules) and applied to mapped port. But with the duplication of each rule also the number of classifiers is duplicated, thus resulting in a huge increase in memory consumption.
For a rule which defines a protocol, an ip address and applies to ALL ports, the memory impact for the current implementation is roughly: 20 MB.
Please note if omnidirectional is set to true, the number of rules is doubled, resulting in doubling the memory usage for the classification rules.
When defining a bunch of rules an engine reload may result in an OOM exception.
To reproduce the issue, simply create a rule which sets the port value to 1-65535 or omits the value completely. Try increasing the number of rules by 5 and watch the memory consumption on each reload of the engine. At some point the JVM runs out of memory. For me it was around 20-25. Please note, that with omnidirectional=true the JVM runs out of memory more quickly.