Very high nProbe memory usage

[novaksam]

I have a optical mirror feeding a switch that is mirroring packets to a number of appliances, nProbe being one of them. I'm observing super high (currently 39GB x2 processes) memory usage for the nProbe process. I'm not sure if this is a bug, or some kind of misconfiguration, but I haven't modified my configs in a long time, so I'm leaning towards bug. How should we proceed resolving this issue?

[cardigliano]

@novaksam please provide your nProbe configuration. Please also provide traffic information (traffic rate, number of flows, etc)

[novaksam]

Replaced the public IPs with a 127.0 prefix.

-i=zc:enp5s0f0@1,zc:enp5s0f1@1
-g=/etc/nprobe/nprobe-rss1.pid
-n=udp://127.0.25.51:2055
-n=udp://127.0.37.111:9891
--all-collectors
# Incoming - -u
# IF-MIB::ifDescr.13 = STRING: enp5s0f0
# Outgoing - -Q
# IF-MIB::ifDescr.14 = STRING: enp5s0f0
-u=13
-Q=14
--black-list 127.0.32.2/32,127.0.32.3/32,127.0.25.51/32
--local-networks 127.0.0.0/16,172.16.0.0/16
--local-traffic-direction
--cache-geoip-asn
-V 9
-o 100
--max-num-flows 2097152
--cpu-affinity 4
--export-thread-affinity 5
--lru-cache-size 131072
--capture-direction 0
-T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %IP_PROTOCOL_VERSION %PROTOCOL %SRC_TOS %L7_PROTO_NAME %BITTORRENT_HASH %DIRECTION"

Traffic rate is 10Gbps, not sure how to get flow count.

[stuhunter4]

possibly related issue - https://github.com/ntop/nProbe/issues/579