From owner-freebsd-questions@FreeBSD.ORG Sun Feb 5 16:45:13 2006 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4099F16A420 for ; Sun, 5 Feb 2006 16:45:13 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from pi.codefab.com (pi.codefab.com [199.103.21.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id D0AEA43D45 for ; Sun, 5 Feb 2006 16:45:12 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from localhost (localhost [127.0.0.1]) by pi.codefab.com (Postfix) with ESMTP id 08F325CB3; Sun, 5 Feb 2006 11:45:12 -0500 (EST) Received: from pi.codefab.com ([127.0.0.1]) by localhost (pi.codefab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 44157-04; Sun, 5 Feb 2006 11:45:11 -0500 (EST) Received: from [192.168.1.3] (pool-68-161-67-226.ny325.east.verizon.net [68.161.67.226]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pi.codefab.com (Postfix) with ESMTP id 1268D5C73; Sun, 5 Feb 2006 11:45:11 -0500 (EST) Message-ID: <43E62B9D.5040302@mac.com> Date: Sun, 05 Feb 2006 11:45:17 -0500 From: Chuck Swiger Organization: The Courts of Chaos User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: Andrew Pantyukhin References: In-Reply-To: X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at codefab.com Cc: FreeBSD Questions Subject: Re: Trouble with resources under network load X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2006 16:45:13 -0000 Andrew Pantyukhin wrote: > I've got P4 box with 256Mb RAM. I want it to be able to > forward 5Mbit/s between 500 PPTP clients (no crypto/ > compression) and our ISP. I understand we should > probably get Cisco for this, or at least a higher-spec > box, but I just want this setup to be kinda proof of concept. > Complicated things can be done using cheap hardware > and a good OS. Can't they? Sure. :-) > ==================================================== > > I'm constantly stumbling upon some out-of-resources > problems. Just to name a couple: > > named[400]: client 10.32.23.92#1714: > error sending response: not enough free resources > > snmpd[806]: sysctl get: Cannot allocate memory > > ==================================================== > > I have these in loader.conf and sysctl.conf: > > kern.maxfiles=65536 > kern.maxfilesperproc=65536 > net.graph.maxdgram=65536 > net.graph.recvspace=65536 > kern.maxusers=512 > kern.ipc.maxpipekva=268435456 > net.graph.maxalloc=65536 [ ... ] > What's wrong? For one thing, if you've got a machine with 256MB of RAM, you cannot possibly be able to dedicate 256MB just to kern.ipc.maxpipekva. Likewise, a machine with 256MB of users would auto-tune kern.maxusers to ~100 or so, and kern.maxfiles ought to be under 10000, if not half that. You should revert to the defaults and make gradual tuning changes, if needed, from there. -- -Chuck