Excessive incoming traffic on node causes high CPU usage

Hi All,
This is my first message in this forum. Thank you all for your good advice on the forum, with guides etc. on setting up pool relays and block producers, and all the troubleshooting.

I’ve noticed one of my relays is experiencing excessive incoming traffic (on the same port as the Cardano node), and this is visible from the Cardano node text graph interface as well. It’s about 30-120 Mbytes/sec, but it results in the Cardano node periodically requiring excessive CPU usage, despite me adding more resources to the machine.

I am concerned some party is trying to break their way into the relay…for whatever reason, maybe to find out where the block producer is, etc…

At the moment this is looking more like a denial of service/resources on one of my relays. All other relays are behaving normally, without any significant incoming traffic (after having all synchronised etc). Transactions are showing up all well on the relays.

Question: has anyone noticed any similar patterns of strange incoming traffic towards your relays?

Of course as this traffic is on the same port as the one Cardano node is listening on, I can’t do much about it with the firewall…yet.

Regards,
lenesul

Sorry, meant this strange traffic is 30-100 Kbytes/sec

Hello lenesul,

I would recommend installing fail2ban, but I don’t think that would address this specific issue.

Make sure your relay topology peer count has less than 20 total sum of valencies. I recommend a total valency count between 15-18. Anything higher than 20 and you will have issues as outbound connections require far more resources than inbound.

And just to make sure, is your relay syncing, or already in sync?

I would recommend checking topology and restarting to see if the issue persists.

Your friend, FROG
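
A small check for the valency advice in the reply above, as an added example that is not part of the thread or of any Cardano tooling. It assumes the legacy topology file layout (a `Producers` list with `addr`, `port` and `valency`), treats a missing `valency` as 1, and uses constructed hostnames.

```python
import json
from collections import Counter

LIMIT = 20                   # reply above: keep the total valency below 20
RECOMMENDED = range(15, 19)  # reply above: 15-18 recommended

# Constructed sample; hostnames are placeholders, not real relays.
SAMPLE_TOPOLOGY = """
{"Producers": [
  {"addr": "relay-a.example.net", "port": 3001, "valency": 2},
  {"addr": "relay-b.example.net", "port": 3001, "valency": 5},
  {"addr": "relay-c.example.net", "port": 6000, "valency": 8},
  {"addr": "relay-d.example.net", "port": 3001, "valency": 4},
  {"addr": "relay-a.example.net", "port": 3001, "valency": 2}
]}
"""

def audit_topology(text):
    """Sum valencies in a legacy-format topology and flag common mistakes."""
    producers = json.loads(text).get("Producers", [])
    total, seen, problems = 0, Counter(), []
    for index, peer in enumerate(producers):
        valency = peer.get("valency", 1)  # assumption: missing valency counts as 1
        if isinstance(valency, bool) or not isinstance(valency, int) or valency < 0:
            problems.append(f"entry {index}: invalid valency {valency!r}")
            continue
        total += valency
        seen[f"{peer.get('addr')}:{peer.get('port')}"] += 1
    # A peer listed twice contributes its valency twice, which is easy to miss.
    duplicates = sorted(peer for peer, count in seen.items() if count > 1)
    if total >= LIMIT:
        verdict = "too_high"
    elif total in RECOMMENDED:
        verdict = "recommended"
    else:
        verdict = "below_limit"
    return {"total": total, "verdict": verdict,
            "duplicates": duplicates, "problems": problems}

if __name__ == "__main__":
    report = audit_topology(SAMPLE_TOPOLOGY)
    print(f"total valency {report['total']}: {report['verdict']}")
    for peer in report["duplicates"]:
        print(f"listed more than once: {peer}")
    for problem in report["problems"]:
        print(problem)
```
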

Thank you for your reply. The relay is fully synced, and has 18 peers. Have restarted it a few times, but the issue didn’t go away. Have even restarted the Linux machine. The other identical relays (apart from topology) on other machines don’t have the issue. In fact this machine has double the resources of the other relays I run.

Most interesting is that the strange high incoming traffic (for the last 9 hours) has just stopped a short time after my post in the forum, and the CPU usage is back to normal. 🙂

Thank you for your help!

Will keep monitoring it.

Awesome, Lenesul. Yes, that does sound suspicious.

Definitely let us know if the problem persists and take care.