PHP Application with Web Root on Amazon EFS using up too much EFS bandwidth

Question

The web root /var/www/html is mounted on EFS

Mounting with usual AWS advised command and General Purpose EFS sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 fs-name.efs.eu-west-1.amazonaws.com:/ html

The system works as expected.

We seem to be running out of EFS credits so fast, I can't figure out what is taking out all the bandwidth and call credits. - PHP Opcache is turned on - PHP Opcache does not validate timestamps either, so no stat required to check if file has been modified. - AllowOverride on Apache is set to None (no .htaccess scanning, etc)

If I curl for a single .php file, I can see via tcpdump that there are no nfs calls after the initial call which is great. tcpdump -vvv -s 200 port nfs

Even if my test.php includes other .php files to test out, there are no calls to the server.

However, if I do a tcpdump and curl to the Zend Framework Application, there are several calls. This is just to the ZF application (no images, being downloaded). All the PHP files are to be on opcache so I am not sure what all these calls are for.

Any idea what is causing this huge bandwidth on EFS? We seem to be using up 300MB every 5 mins for a simple application.

Answer 1

There are several ways to gather information for this problem.

For all of these methods, I recommend using a tool that can process and visualize log files. I use Amazon Athena for this which makes loading Amazon logfiles from S3 so easy. Another visualization tool is Amazon QuickSight.

1. Examine the logfiles for your application. Try to determine traffic that is normal to find out if there is unexpected traffic. You could have good or bad bots trolling your site. Amazon WAF can help block bad traffic.
2. Enable VPC Flowlogs. Flowlogs will show you all of the network traffic. You can drill down to just your instance and EFS. Athena can then show you who is talking to who and where the bandwidth is being consumed.
3. Enable CloudTrail. CloudTrail will show you all of the APIs issued to EFS (and a lot more). This may identify something unexpected.
4. CloudWatch. CloudWatch can display metrics for you so that you can determine the time of day that EFS bandwidth is being consumed. You can also set alarms to notify you via email, SMS, etc. Many more features to help you monitor your infrastructure.

Please update this thread once you figure this out. Your experience and information will help others.