From owner-freebsd-isp@FreeBSD.ORG Wed Jun 11 18:12:44 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B24ED37B405 for ; Wed, 11 Jun 2003 18:12:44 -0700 (PDT) Received: from mail.2goons.net (2goons.net [216.27.161.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7A2AD43FBD for ; Wed, 11 Jun 2003 18:12:43 -0700 (PDT) (envelope-from mwilliams@2goons.net) Received: (qmail 95750 invoked by uid 89); 11 Jun 2003 21:12:41 -0000 Received: from unknown (HELO admin.2goons.net) (mwilliams@216.27.161.249) by 2goons.net with SMTP; 11 Jun 2003 21:12:41 -0000 MIME-Version: 1.0 X-Mailer: V-webmail 1.5.0 ( http://www.v-webmail.co.uk/ ) Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable Message-ID: In-Reply-To: <020201c3304a$8fc5bd80$0402a8c0@joao> References: <020201c3304a$8fc5bd80$0402a8c0@joao> Date: Wed, 11 Jun 2003 17:12:41 -0400 From: "MFW" To: =?ISO-8859-1?Q?Jo=E3o?= Assad , Subject: Re: ipf/ipnat no memory problem X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: mwilliams@2goons.net List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jun 2003 01:12:45 -0000 I will take a quick stab at it. First off, I would add this to your kernel: options NMBCLUSTERS=3D16384 That will give you more memory for network traffic. Looks like this server = is reaching its limits. you might want to give that a shot now and see if you = are running into the same problem tonight. I would also write a script that run= s at peak time to capture 'netstat -m'. Also, if this box is running any gig interfaces, I would crank the number above up to 32768 (Maximum value for NMBCLUSTERS). Just my 2 cents. Matt Jo=E3o Assad wrote: > Hello guys, >=20 > Does anybody have a clue on how to solve this problem ? >=20 > firewall# ipfstat -s > IP states added: > 8950710 TCP > 24299 UDP > 4134 ICMP > 1592473870 hits > 3165269525 misses > 6 maximum > 650 no memory > 9215 bkts in use > 11005 active > 29606 expired > 8939070 closed >=20 > firewall# ipnat -s > mapped in 913470782 out 1028719022 > added 59149802 expired 59056159 > no memory 129676 bad nat 0 > inuse 93643 > rules 38 > wilds 0 > firewall# >=20 > I am getting "no memory" in both ipf and ipnat. >=20 > CPU: Pentium III/Pentium III Xeon/Celeron (802.72-MHz 686-class CPU) > real memory =3D 134217728 (131072K bytes) > avail memory =3D 127221760 (124240K bytes) >=20 > ---------Relevant configurations---------- > In /usr/src/sys/contrib/ipfilter/netinet/ip_state.h : > # define IPSTATE_SIZE 30011 > # define IPSTATE_MAX 21011 /* Maximum number of states held = */ >=20 > Kernel options: > maxusers 0 > options IPFILTER > options IPFILTER_LOG > options IPFILTER_DEFAULT_BLOCK > options IPSTEALTH > options VM_KMEM_SIZE_SCALE=3D"2" >=20 > I dont have the netstat -m output of my peak time which is when the probl= em > occurs, but right now its: >=20 > firewall# netstat -m > 269/912/6016 mbufs in use (current/peak/max): > 269 mbufs allocated to data > 265/594/1504 mbuf clusters in use (current/peak/max) > 1416 Kbytes allocated to network (31% of mb_map in use) > 0 requests for memory denied > 0 requests for memory delayed > 0 calls to protocol drain routines >=20 >=20 > I would appreciate it if someone can give me some help in this issue, Im > completely in the dark right now. >=20 > Best regards, >=20 > -- > Jo=E3o Assad > ParPerfeito Comunica=E7=E3o LTDA > http://www.parperfeito.com.br/ >=20 >=20 >=20 > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >=20 _________________________________________________________ This mail sent using V-webmail - http://www.v-webmail.org