From: Charles Swiger
Date: Wed, 5 May 2004 15:33:46 -0400
To: adp
cc: questions@freebsd.org
cc: performance@freebsd.org
Subject: Re: Abnormal network errors?

On May 5, 2004, at 2:27 PM, adp wrote:
> On this server I'm thinking I need two things:
>
> 1. More sockets available.
> 2. Larger sockbufs for send and recv.
>
> Is this an accurate assessment?

Given the application of this system, you might want to up the value of
kern.ipc.nmbclusters by a factor of four or so (it's NMBCLUSTERS in the
kernel config file). However, it's not essential-- your "netstat -m" is
OK, and your TCP send and receive windows are reasonably sized as-is by
default.

> What is "2432320 packets for unknown/unsupported protocol"? What
> specifically does this mean? (In other words, what should I do to
> resolve this?)

It means machines are sending non-IP traffic on your network, which is
normal if you have Windows protocols (NetBEUI, SPX/IPX) or Macs
(AppleTalk) around. Or chatty network devices like some printers....

See /usr/include/net/ethernet.h for an idea, or maybe "tcpdump not ip"
might give some idea of what's going by.

> What about "921363 calls to icmp_error"?

ICMP messages like responding to a ping, or people sending traffic with
RFC-1918 unroutable addresses (gives "dest unreachable")...

> Under tcp I have "481930 embryonic connections dropped". I assume that
> means I don't have enough sockets available for when this server gets
> loaded. Correct?

More likely, these are someone doing a port scan and leaving half-open
connections lying around to get cleaned up.

----

It might be helpful if you gave us some idea as to what the performance
problem you were seeing was? Is NFS access slow, or some such? Are you
seeing errors or collisions in netstat -i or in whatever statistics your
switch keeps per port?

The following areas struck me as being relevant:

> # ifconfig rl0

First, consider upgrading to a fxp or dc-based NIC.

> udp:
>     272987897 datagrams received
>     [ ... ]
>     19976574 dropped due to full socket buffers

This is high enough to represent a concern, agreed.

> ip:
>     578001924 total packets received
[ ... ]
>     4899083 fragments received
>     4 fragments dropped (dup or out of space)
>     750 fragments dropped after timeout
>     842689 packets reassembled ok
[ ... ]
>     609745425 packets sent from this host
>     1914687 output datagrams fragmented
>     10496350 fragments created

Second, you're fragmenting a relatively large number of packets going
by; you ought to see what's going on with your MTU and pMTU discovery.
I suppose if you're using large UDP datagrams with NFS, that might be it.

[ The machines I've got around with comparable traffic volume might have
400 frags received, and 10 transmitted, or some such. ]

-- 
-Chuck
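
The counters discussed in the reply can be pulled out of `netstat -s` output and expressed per 1000 packets, which makes them easier to compare between hosts or over time. This is an added example, not part of the original message; the function names are hypothetical and the sample input is constructed from the counters quoted above.

```shell
#!/bin/sh
# Added example: helper names are hypothetical. The sample is constructed from
# counters quoted in the message, laid out as `netstat -s` prints them
# (unindented section header, then indented counter lines).
sample_stats() {
cat <<'EOF'
udp:
        272987897 datagrams received
        19976574 dropped due to full socket buffers
ip:
        578001924 total packets received
        4899083 fragments received
        609745425 packets sent from this host
        1914687 output datagrams fragmented
tcp:
        481930 embryonic connections dropped
EOF
}

# counter SECTION TEXT: print the number in front of TEXT inside SECTION.
counter() {
    awk -v sec="$1:" -v txt="$2" '
        /^[a-z0-9]+:$/ { cur = $1; next }   # unindented header such as "udp:"
        cur == sec && index($0, txt) { print $1; exit }
    '
}

# permille NUM DEN: integer parts per thousand; 0 if a counter is missing.
permille() {
    num=${1:-0}; den=${2:-0}
    [ "$den" -gt 0 ] || { echo 0; return 0; }
    echo $(( num * 1000 / den ))
}

# report: read `netstat -s` text on stdin, print the ratios the reply looks at.
report() {
    stats=$(cat)
    get() { printf '%s\n' "$stats" | counter "$1" "$2"; }
    echo "udp_sockbuf_drops_per_1000 $(permille "$(get udp 'dropped due to full socket buffers')" "$(get udp 'datagrams received')")"
    echo "ip_frags_received_per_1000 $(permille "$(get ip 'fragments received')" "$(get ip 'total packets received')")"
    echo "ip_output_fragmented_per_1000 $(permille "$(get ip 'output datagrams fragmented')" "$(get ip 'packets sent from this host')")"
    echo "tcp_embryonic_dropped $(get tcp 'embryonic connections dropped')"
}

sample_stats | report
```

On a live host, `netstat -s | report` runs the same parser over the current counters; sampling it periodically shows whether the drop and fragmentation rates are still climbing.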