0

I have an EC2 instance (r3.xlarge) with only MySQL running on it. At some points in time, this machine sends a sustained amount of information (at almost a rate of 400Mbps) for about an hour or more (in many cases), to another EC2 instance which is running Magento (c3.2xlarge).

This data transfer completely tanks the Magento EC2 machine bringing our website to an almost halt.

How can I diagnose what this data is?

20151218-CloudWatch-Magento-TrafficIn-MySQL-TrafficOut-1

Also, as per iptraf, the machine is only outputting only about 50 Mbps (I can't explain the discrepancy!)

enter image description here

EDIT1:

This is not a hacked / compromised server situation as the traffic is going to the web server itself. Very High Network out in ec2 instance

EDIT2

The difference in the data transfer speeds reported by iptraf and CloudWatch has been resolved. CloudWatch reports speeds per minute (as per email from AWS helpdesk inquiry), so:

As per CloudWatch, 

we are consuming ~400 million (not mega) bytes per minute, 
so 400/60 = 6.66 million bytes per second, 
which is 6666 kilo bytes per second, 
which at 8 bits per byte is: 53328 kilo bits per second.
Community
  • 1
siliconpi
  • 1,707
  • 6
  • 30
  • 45
  • 1
    I'm guessing Magento is requesting the data, a scheduled task perhaps that's doing a backup or cache or similar activity? – Drew Khoury Dec 18 '15 at 12:17
  • I came up with two "obvious" explanations, and then ruled both of them out as incorrect. 50 MByte =~ 400 Mbit, but it doesn't look like you have a bits vs bytes error. Also, it's interesting that you are finding such a tight correlation between "out" from one machine and "in" to another. Does `mysql> SHOW FULL PROCESSLIST;` not reveal anything interesting? What about `iptraf` on the web server? – Michael - sqlbot Dec 18 '15 at 12:26
  • Perform a packet capture. That will give you many more details on the nature of the traffic. – EEAA Dec 18 '15 at 13:14

0 Answers0