From owner-freebsd-net  Wed Oct 31  5:27:35 2001
Delivered-To: freebsd-net@freebsd.org
Received: from www.microelectronics.com (www.microelectronics.com [4.18.26.20])
	by hub.freebsd.org (Postfix) with ESMTP id 3986437B403
	for <freebsd-net@FreeBSD.ORG>; Wed, 31 Oct 2001 05:27:32 -0800 (PST)
Received: from zul.microcenter.com (zul.microcenter.com [4.18.26.10])
	by www.microelectronics.com (Pro-8.9.3/Pro-8.9.3) with SMTP id IAA28247
	for <freebsd-net@FreeBSD.ORG>; Wed, 31 Oct 2001 08:27:33 -0500
Received: from sysadm.microcenter.com by zul.microcenter.com
          via smtpd (for www.microelectronics.com [4.18.26.20]) with SMTP; 31 Oct 2001 13:24:22 UT
Received: from mail.microcenter.com (anbhpc.microcenter.com [10.10.29.94])
	by sysadm.microcenter.com (8.8.5/8.8.5) with ESMTP id IAA10826
	for <freebsd-net@FreeBSD.ORG>; Wed, 31 Oct 2001 08:27:15 -0500 (EST)
Message-ID: <3BDFFCEC.32FF9CC@mail.microcenter.com>
Date: Wed, 31 Oct 2001 08:30:20 -0500
From: Aaron Bush <abush@microcenter.com>
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.2-2 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-net@FreeBSD.ORG
Subject: tuning network limits?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Hello,

I have a FreeBSD 4.3-RELEASE box that appears to be dropping network
connections.  The system is using ipf to track state and only allow web
(http, https) connections.  Once per day i index one of the virtual
domains by using htdig.  Sometimes htdig is not able to index the entire
site (itself, via route through loopback) and other times it can.

The problem is not isolated to htdig though.  A PHP application has also
reported that it was unable to open a socket.

The /var/log/messages show no packets being dropped by the ipf rules
(default is to block and log).  I am assuming that the system must be
hitting some kernel limit and not allowing any more sockets to be
created.  In the handbook i see mention of tuning the NMBCLUSTERS
options and assume that the following command shows that i have indeed
hit the limit (mbuf clusters?).  Also the requests for memory denied
seems to be high, would failed attempts to create sockets cause this to
increase?

tosh# netstat -m
623/2304/4096 mbufs in use (current/peak/max):
	263 mbufs allocated to data
	360 mbufs allocated to packet headers
239/1024/1024 mbuf clusters in use (current/peak/max)
2624 Kbytes allocated to network (85% of mb_map in use)
9152 requests for memory denied
3 requests for memory delayed
0 calls to protocol drain routines

What other tools can i use to determine where the problem may be.

Thanks,
-ab

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message