Date: Wed, 11 Jun 2003 17:12:41 -0400 From: "MFW" <mwilliams@2goons.net> To: =?ISO-8859-1?Q?Jo=E3o?= Assad <jfassad@parperfeito.com.br>, <freebsd-isp@freebsd.org> Subject: Re: ipf/ipnat no memory problem Message-ID: <hgc5l5.n4xcf4@admin.2goons.net> In-Reply-To: <020201c3304a$8fc5bd80$0402a8c0@joao> References: <020201c3304a$8fc5bd80$0402a8c0@joao>
next in thread | previous in thread | raw e-mail | index | archive | help
I will take a quick stab at it. First off, I would add this to your kernel: options NMBCLUSTERS=3D16384 That will give you more memory for network traffic. Looks like this server = is reaching its limits. you might want to give that a shot now and see if you = are running into the same problem tonight. I would also write a script that run= s at peak time to capture 'netstat -m'. Also, if this box is running any gig interfaces, I would crank the number above up to 32768 (Maximum value for NMBCLUSTERS). Just my 2 cents. Matt Jo=E3o Assad <jfassad@parperfeito.com.br> wrote: > Hello guys, >=20 > Does anybody have a clue on how to solve this problem ? >=20 > firewall# ipfstat -s > IP states added: > 8950710 TCP > 24299 UDP > 4134 ICMP > 1592473870 hits > 3165269525 misses > 6 maximum > 650 no memory > 9215 bkts in use > 11005 active > 29606 expired > 8939070 closed >=20 > firewall# ipnat -s > mapped in 913470782 out 1028719022 > added 59149802 expired 59056159 > no memory 129676 bad nat 0 > inuse 93643 > rules 38 > wilds 0 > firewall# >=20 > I am getting "no memory" in both ipf and ipnat. >=20 > CPU: Pentium III/Pentium III Xeon/Celeron (802.72-MHz 686-class CPU) > real memory =3D 134217728 (131072K bytes) > avail memory =3D 127221760 (124240K bytes) >=20 > ---------Relevant configurations---------- > In /usr/src/sys/contrib/ipfilter/netinet/ip_state.h : > # define IPSTATE_SIZE 30011 > # define IPSTATE_MAX 21011 /* Maximum number of states held = */ >=20 > Kernel options: > maxusers 0 > options IPFILTER > options IPFILTER_LOG > options IPFILTER_DEFAULT_BLOCK > options IPSTEALTH > options VM_KMEM_SIZE_SCALE=3D"2" >=20 > I dont have the netstat -m output of my peak time which is when the probl= em > occurs, but right now its: >=20 > firewall# netstat -m > 269/912/6016 mbufs in use (current/peak/max): > 269 mbufs allocated to data > 265/594/1504 mbuf clusters in use (current/peak/max) > 1416 Kbytes allocated to network (31% of mb_map in use) > 0 requests for memory denied > 0 requests for memory delayed > 0 calls to protocol drain routines >=20 >=20 > I would appreciate it if someone can give me some help in this issue, Im > completely in the dark right now. >=20 > Best regards, >=20 > -- > Jo=E3o Assad > ParPerfeito Comunica=E7=E3o LTDA > http://www.parperfeito.com.br/ >=20 >=20 >=20 > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >=20 _________________________________________________________ This mail sent using V-webmail - http://www.v-webmail.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?hgc5l5.n4xcf4>