Score:0

Too much download bandwidth on nginx process

tg flag

I rent dedicated server from company and I noticed it is using too much download bandwidth constantly on nginx process even with low traffic on non peak hours. I checked with tcpdump and I saw those

05:59:41.415892 IP x.x.x.x.65524 > 224.1.1.14.search-agent: UDP, length 1472
05:59:41.415901 IP x.x.x.x.49842 > 224.24.1.7.search-agent: UDP, length 940
05:59:41.415938 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.416131 IP x.x.x.x.65524 > 224.1.1.14.search-agent: UDP, length 1472
05:59:41.416257 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.416481 IP x.x.x.x.65524 > 224.1.1.14.search-agent: UDP, length 1472
05:59:41.416498 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.416536 IP x.x.x.x.65524 > 224.1.1.14.search-agent: UDP, length 1472
05:59:41.416651 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.416751 IP x.x.x.x.65524 > 224.1.1.14.search-agent: UDP, length 1472
05:59:41.416770 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.416940 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.416957 IP x.x.x.x.65524 > 224.1.1.14.search-agent: UDP, length 1472
05:59:41.417134 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.417183 IP x.x.x.x.65524 > 224.1.1.14.search-agent: UDP, length 1472
05:59:41.417247 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.417349 IP x.x.x.x.65524 > 224.1.1.14.search-agent: UDP, length 1472
05:59:41.417364 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.417493 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.417511 IP z.z.z.z.54220 > 233.1.1.17.search-agent: UDP, length 1472
05:59:41.417553 IP z.z.z.z.63019 > 233.1.1.15.search-agent: UDP, length 1472
05:59:41.417580 IP x.x.x.x.65524 > 224.1.1.14.search-agent: UDP, length 416
05:59:41.417602 IP z.z.z.z.54220 > 233.1.1.17.search-agent: UDP, length 1472
05:59:41.417624 IP z.z.z.z.54216 > 233.1.1.18.search-agent: UDP, length 1128
05:59:41.417632 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.417701 IP z.z.z.z.63516 > 233.1.1.20.search-agent: UDP, length 1472
05:59:41.417745 IP z.z.z.z.54220 > 233.1.1.17.search-agent: UDP, length 1472
05:59:41.417764 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.417779 IP z.z.z.z.63516 > 233.1.1.20.search-agent: UDP, length 408
05:59:41.417806 IP z.z.z.z.54220 > 233.1.1.17.search-agent: UDP, length 472
05:59:41.417829 IP z.z.z.z.54218 > 233.1.1.14.search-agent: UDP, length 1472
05:59:41.417876 IP z.z.z.z.63019 > 233.1.1.15.search-agent: UDP, length 1472
05:59:41.417889 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.417924 IP z.z.z.z.63516 > 233.1.1.20.search-agent: UDP, length 1472
05:59:41.417940 IP z.z.z.z.63019 > 233.1.1.15.search-agent: UDP, length 1472
05:59:41.417980 IP z.z.z.z.54218 > 233.1.1.14.search-agent: UDP, length 596
05:59:41.417985 IP z.z.z.z.63516 > 233.1.1.20.search-agent: UDP, length 1160
05:59:41.418008 IP z.z.z.z.63019 > 233.1.1.15.search-agent: UDP, length 1472
05:59:41.418099 IP z.z.z.z.63019 > 233.1.1.15.search-agent: UDP, length 692
05:59:41.418100 IP x.x.x.x.53999 > 224.24.1.4.search-agent: UDP, length 1472
05:59:41.418152 IP z.z.z.z.54218 > 233.1.1.14.search-agent: UDP, length 1472

Above x.x.x.x, z.z.z.z IP is also not my server IPV4 but it is other ip from the service provider subnet.

EDIT:

And this is my ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet f.f.f.f  netmask 255.255.255.0  broadcast f.f.f.255
        ether 2c:44:fd:7f:fe:e0  txqueuelen 1000  (Ethernet)
        RX packets 6513838035  bytes 8249745134653 (7.5 TiB)
        RX errors 0  dropped 965  overruns 0  frame 0
        TX packets 860626046  bytes 934970894599 (870.7 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 38

eth1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 2c:44:fd:7f:fe:e1  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 39

eth2: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 2c:44:fd:7f:fe:e2  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 38

eth3: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 2c:44:fd:7f:fe:e3  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 39

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 35765450  bytes 98858211782 (92.0 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 35765450  bytes 98858211782 (92.0 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Is this a misconfiguration by the server provider or can I fix this by myself?

Score:0
us flag

This is multicast traffic, that is sent by some entity in your provider's network.

This can happen when the same L2 network is shared with several servers. You cannot really prevent that.

However, if none of your services are subscribed to the multicast group, the Linux kernel automatically drops the traffic. Therefore it shouldn't have any effect on the network performance.

I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.