Date: Mon, 19 Feb 2018 16:40:30 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: Misak Khachatryan <kmisak@gmail.com> Cc: freebsd-net@freebsd.org Subject: Re: Racoon and setkey problems Message-ID: <5A8A9B8E.2070400@grosbein.net> In-Reply-To: <CABfKv0ntGt6TCP7v9xa=MSSZqHwYbZtYtVd6s0gZ-Mbdu2qk5A@mail.gmail.com> References: <CABfKv0mYX2ouQ1k6M2Bd90yp=eQXP6HcHL7%2BdE2AZQ9afQ%2Bc2g@mail.gmail.com> <5A8A97EC.4040103@grosbein.net> <CABfKv0ntGt6TCP7v9xa=MSSZqHwYbZtYtVd6s0gZ-Mbdu2qk5A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
19.02.2018 16:28, Misak Khachatryan wrote: > # vmstat -m | egrep "sec|sah|pol" > inpcbpolicy 122 4K - 4955796 32 > secasvar 48558 12140K - 1572045 256 > sahead 3 1K - 15 256 > ipsecpolicy 256 64K - 9911740 256 > ipsecrequest 12 2K - 48 128 > ipsec-misc 389632 12176K - 12575976 16,32,64 Looking at huge "MemUse" values for secasvar and ipsec-misc, I suspect some kind of memory leak. FreeBSD 11.1 has new IPSEC implementation and you may consider trying new version. Meantime, you can try to flush all IPSEC-related data from the system: service racoon stop setkey -F; setkey -FP service racoon start If that does not help, reboot and start monitoring these numbers for secasvar and ipsec-misc. How many IPSEC tunnells/associations do you have simultaneously? And again, are those systems 32 bit or 64 bit?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5A8A9B8E.2070400>