Date: Sun, 23 Jun 2002 17:11:26 -0400 From: Don Bowman <don@sandvine.com> To: 'Jonathan Lemon' <jlemon@flugsvamp.com>, Don Bowman <don@sandvine.com>, stable@freebsd.org Subject: RE: panic in syncache/rtfree with 4.6 Message-ID: <FE045D4D9F7AED4CBFF1B3B813C8533767657C@mail.sandvine.com>
next in thread | raw e-mail | index | archive | help
Jonathan Lemon wrote:
...
> >Does it seem reasonable to get a panic in this circumstance?
>
> No. What does the panic message say? Do you happen to have a kernel
> coredump + kernel somewhere to take a look at?
>
> The offset of the crash within rtfree() seems to indicate that you've
> triggered the first panic, which would only be the case here
> if rnh == NULL:
>
> struct radix_node_head *rnh =
> rt_tables[rt_key(rt)->sa_family];
>
> The panic dump would show if sa_family was garbage for some reason.
Yes, that's what seems to happen. This is repeatable when I run out
of mbufs. I'll see about getting a core & kernel available.
I increased NMBCLUSTERS to 64000 and the problem still occurs.
>
>
> >I'm expecting to keep ~35K TCP sessions open on this device.
> Is syncache
> >appropriate, or should I disable and use an external device
> to protect
> >against DOS?
>
> Yup, syncache only applies to new SYNs (unsynchronized
> connections), it
> doesn't matter how many existing open connections you have.
> Your syncache
> statistics (the net.inet.tcp.syncache.count entry) show that you don't
> have any entries in your syncache at the moment.
Well, the sysctl was run after the system came back up, so there
would have been no connections. At the time it failed there would
have been ~4K connections, each from a different IP to a different IP.
Do I need to do any tuning to syncache paramters to achieve my ~35k
established connections limit with a 1K listen q? I'm expecting
reasonably short connection lifetimes, so connections will come and
go fairly frequently.
I should mention I've done something that may or may not be common
with routing for the purpose of this test. I have 20 PC's acting
as 'load generators'. Each of them, and the device under test, are
on a layer-2 network connected with gige. Each of the 20 PCs
has a set of 510 aliases created, 1.0.0.2...1.0.1.255, 1.0.2.2...1.0.3.255,
etc. The device under test (DUT) (which is the one that is crashing here)
is on the same layer-2 network. It has the '.1' interface from each
of those networks, eg 1.0.0.1, 1.0.2.1, 1.0.4.1, etc. Each of these
has a /23 mask as well.
The routing table on the DUT thus looks like:
# netstat -nr
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
1/23 link#1 UC 0 0 bge0
1.0.2/23 link#1 UC 0 0 bge0
1.0.4/23 link#1 UC 0 0 bge0
1.0.6/23 link#1 UC 0 0 bge0
1.0.8/23 link#1 UC 0 0 bge0
1.0.10/23 link#1 UC 0 0 bge0
...
# ifconfig bge0
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=3<rxcsum,txcsum>
inet 1.0.0.1 netmask 0xfffffe00 broadcast 1.0.1.255
inet 1.0.2.1 netmask 0xfffffe00 broadcast 1.0.3.255
inet 1.0.4.1 netmask 0xfffffe00 broadcast 1.0.5.255
inet 1.0.6.1 netmask 0xfffffe00 broadcast 1.0.7.255
inet 1.0.8.1 netmask 0xfffffe00 broadcast 1.0.9.255
...
It will be receiving inbound connections from each of those subnets.
It has ip-forwarding off. It will be initiating outbound connections to
each of those subnets
For purpose of expedience, there are 128 such interfaces & routes
created on the DUT (because sometimes I use more or less than 20 PC's
to load gen it).
I'l re-run this with a crash dump enabled and see about making it &
the kernel available.
--don
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FE045D4D9F7AED4CBFF1B3B813C8533767657C>