From owner-freebsd-questions Tue Mar 5 0:44: 9 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mip.co.za (puck.mip.co.za [209.212.106.44]) by hub.freebsd.org (Postfix) with ESMTP id 6B31B37B400 for ; Tue, 5 Mar 2002 00:43:59 -0800 (PST) Received: from patrick (patrick.mip.co.za [10.3.13.181]) by mip.co.za (8.9.3/8.9.3) with SMTP id KAA92674 for ; Tue, 5 Mar 2002 10:43:42 +0200 (SAST) (envelope-from patrick@mip.co.za) From: "Patrick O'Reilly" To: "FreeBSD Question List" Subject: natd hogging processor Date: Tue, 5 Mar 2002 10:50:06 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi all. I have noticed lately that natd sometimes seems to consume huge amounts of processor time for no apparent reason. I am running multiple instances of natd on different divert sockets as I need to NAT across different interfaces. See these 'ps' results, taken just over one hour apart from one another: -------------- (at 09:25 AM) 517 ?? Rs 247:56.44 /sbin/natd -f /etc/natd.conf -n xl0 -p 8660 527 ?? Ss 59:44.57 /sbin/natd -f /etc/natd.conf -n xl1 -p 8661 537 ?? Ss 70:24.40 /sbin/natd -f /etc/natd.conf -n xl2 -p 8662 -------------- (at 10:30 AM) 517 ?? Ss 259:37.86 /sbin/natd -f /etc/natd.conf -n xl0 -p 8660 527 ?? Ss 71:24.48 /sbin/natd -f /etc/natd.conf -n xl1 -p 8661 537 ?? Ss 70:27.51 /sbin/natd -f /etc/natd.conf -n xl2 -p 8662 -------------- Notice that the natd daemons on xl0 and xl1 each accumulated 12 minutes of processor time!!! But xl2 took just 3 seconds. This is NOT a very busy gateway (xl0 faces the 'net over a 128k line!). When this occurs it goes in fits and starts, as if the daemon gets into a tight loop for a while, and then pops out again. While this happens the processor is 100% busy, and then it goes to 98-99% idle! This gateway server runs ipfw and natd, and NOTHING ELSE. It is a dedicated firewall/gateway server. -------------- root perimeter:~# uname -a FreeBSD perimeter.DOMAIN 4.3-RELEASE FreeBSD 4.3-RELEASE #0: Mon Feb 4 10:57:00 SAST 2002 root@perimeter.DOMAIN:/usr/obj/usr/src/sys/perimeter i386 -------------- Is this a problem that might be solved by bringing the box up to 4.5-RELEASE ? PS: I was using DUMMYNET for traffic shaping, and at first I suspected that natd and DUMMYNET were not working well together. I have recently stopped using all DUMMYNET pipes, but the problem persists. Regards, Patrick. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message