From owner-freebsd-net@FreeBSD.ORG  Sat Apr  5 07:02:48 2014
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 99A4BC6C
 for <freebsd-net@freebsd.org>; Sat,  5 Apr 2014 07:02:48 +0000 (UTC)
Received: from mail-wg0-x22a.google.com (mail-wg0-x22a.google.com
 [IPv6:2a00:1450:400c:c00::22a])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 35143903
 for <freebsd-net@freebsd.org>; Sat,  5 Apr 2014 07:02:48 +0000 (UTC)
Received: by mail-wg0-f42.google.com with SMTP id y10so4380995wgg.13
 for <freebsd-net@freebsd.org>; Sat, 05 Apr 2014 00:02:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type:content-transfer-encoding;
 bh=5ri169ykUNuR89LokUl+2aQJpEW9tcvSoaSzvtPpeRk=;
 b=Qu3YmTtRwk/jmaqYWE7RaKWxkzUqcIGcOlHRFEuv8Is/thzEJkLHZ0g1RyCZQPtHSM
 knER+W253NpKhE5BqlqMh1nh5w6eacUCZDGtw9qrkIjHwkn6Qu+tZlZiGW5Ywn4vsYTb
 KiMz0G0r/WINQSccZfY0ifEDqXhqsoQxOKcBmOfcqMAhMshsOXAGbiO8NBKEz2mSHh2n
 LcXqfxc9C/DLwm9+BJEATfuGJHcB9vsNO6+VXNYhGD59zXs9r2DdRlN2mVR7BXyix7AW
 zw6/j2XSryBg7ewp44fLlqFfS+pRag3sDkgJzETFA1UoCxN1o7/JJOMN5/Mu9gGlYwMy
 bpTg==
MIME-Version: 1.0
X-Received: by 10.180.13.8 with SMTP id d8mr7929474wic.13.1396681366452; Sat,
 05 Apr 2014 00:02:46 -0700 (PDT)
Received: by 10.14.211.134 with HTTP; Sat, 5 Apr 2014 00:02:46 -0700 (PDT)
In-Reply-To: <CAAcX-AFDqwG0xJ8_qcaG_K0-TC8xE4EfKLR0GURkMGQiZOKCpQ@mail.gmail.com>
References: <CAAcX-AFDqwG0xJ8_qcaG_K0-TC8xE4EfKLR0GURkMGQiZOKCpQ@mail.gmail.com>
Date: Sat, 5 Apr 2014 00:02:46 -0700
Message-ID: <CALCpEUHQJtOME9qLCn4N5PaZa=cRBdmeRrPR7hSwTPghDz_RuQ@mail.gmail.com>
Subject: Re: netisr 0 : %100 and other netisr threads are waiting
From: hiren panchasara <hiren.panchasara@gmail.com>
To: =?UTF-8?B?w5Z6a2FuIEtJUklL?= <ozkan.kirik@gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Apr 2014 07:02:48 -0000

On Thu, Apr 3, 2014 at 9:54 PM, =C3=96zkan KIRIK <ozkan.kirik@gmail.com> wr=
ote:
> Hi,
>
> I am trying to use suricata on FreeBSD 10 amd64.
> FreeBSD behaves as a VLAN router and NAT Box.
>
> Traffic is about 400Mbps.
> When i diverted traffic to suricata, swi: netisr 0 thread gets %100 cpu.
> other netisr threads are %0. And Even I remove the divert rule, netisr
> still eats %100 cpu.  I think that something looping :)

To be clear, this happens only *after* you divert traffic to suricata, righ=
t?

> And after 1-2 minutes, one of igb0 and igb1 stops working.
> Only reboot solves problem.
>
> Hardware has 8 cores, 24GB Ram
>
> My loader.conf :
>
> hw.igb.txd=3D"4096"
> hw.igb.rxd=3D"4096"
> hw.igb.rx_process_limit=3D1024
> hw.igb.num_queues=3D3
> net.isr.maxthreads=3D3
> net.isr.bindthreads=3D1
> net.isr.defaultqlimit=3D4096
> net.isr.maxqlimit=3D20480
> net.link.ifqmaxlen=3D10240
>
> How can I debug this situation?
> Any suggestions?

I am not an expert here but please upload o/p for "sysctl net.isr" and
"sysctl dev.igb" which would show error counters to get some idea
about why igb0 or igb1 stops working. Whether we are running out of
some resources or something else is going on.

cheers,
Hiren