From owner-freebsd-isp@FreeBSD.ORG Thu Jun 12 07:51:16 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B55537B401 for ; Thu, 12 Jun 2003 07:51:16 -0700 (PDT) Received: from bellana.nc-rj.rnp.br (bellana.nc-rj.rnp.br [200.17.63.130]) by mx1.FreeBSD.org (Postfix) with SMTP id D055443F75 for ; Thu, 12 Jun 2003 07:51:13 -0700 (PDT) (envelope-from alex@rnp.br) Received: (qmail 51569 invoked by uid 0); 12 Jun 2003 14:51:11 -0000 Received: from kira.nc-rj.rnp.br (200.17.63.90) by 0 with SMTP; 12 Jun 2003 14:51:11 -0000 Received: (qmail 36879 invoked by uid 1013); 12 Jun 2003 14:51:10 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 12 Jun 2003 14:51:10 -0000 Date: Thu, 12 Jun 2003 11:51:10 -0300 (EST) From: Alex Soares de Moura X-X-Sender: alex@kira.nc-rj.rnp.br To: =?iso-8859-1?Q?Jo=E3o_Assad?= In-Reply-To: <020201c3304a$8fc5bd80$0402a8c0@joao> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=iso-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE cc: freebsd-isp@freebsd.org Subject: Re: ipf/ipnat no memory problem X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jun 2003 14:51:16 -0000 Hello Jo=E3o, You can try testing (increasing) the kernel states below. The command below does the job: sysctl =3D net.inet.tcp.sendspace net.inet.tcp.recvspace net.inet.udp.recvspace net.inet.raw.maxdgram net.inet.raw.recvspace example: sysctl net.inet.tcp.sendspace =3D 32768 Alex -- RNP - Rede Nacional de Ensino e Pesquisa - http://www.rnp.br/ On Wed, 11 Jun 2003, Jo=E3o Assad wrote: > Hello guys, > > Does anybody have a clue on how to solve this problem ? > > firewall# ipfstat -s > IP states added: > 8950710 TCP > 24299 UDP > 4134 ICMP > 1592473870 hits > 3165269525 misses > 6 maximum > 650 no memory > 9215 bkts in use > 11005 active > 29606 expired > 8939070 closed > > firewall# ipnat -s > mapped in 913470782 out 1028719022 > added 59149802 expired 59056159 > no memory 129676 bad nat 0 > inuse 93643 > rules 38 > wilds 0 > firewall# > > I am getting "no memory" in both ipf and ipnat. > > CPU: Pentium III/Pentium III Xeon/Celeron (802.72-MHz 686-class CPU) > real memory =3D 134217728 (131072K bytes) > avail memory =3D 127221760 (124240K bytes) > > ---------Relevant configurations---------- > In /usr/src/sys/contrib/ipfilter/netinet/ip_state.h : > # define IPSTATE_SIZE 30011 > # define IPSTATE_MAX 21011 /* Maximum number of states held = */ > > Kernel options: > maxusers 0 > options IPFILTER > options IPFILTER_LOG > options IPFILTER_DEFAULT_BLOCK > options IPSTEALTH > options VM_KMEM_SIZE_SCALE=3D"2" > > I dont have the netstat -m output of my peak time which is when the probl= em > occurs, but right now its: > > firewall# netstat -m > 269/912/6016 mbufs in use (current/peak/max): > 269 mbufs allocated to data > 265/594/1504 mbuf clusters in use (current/peak/max) > 1416 Kbytes allocated to network (31% of mb_map in use) > 0 requests for memory denied > 0 requests for memory delayed > 0 calls to protocol drain routines > > > I would appreciate it if someone can give me some help in this issue, Im > completely in the dark right now. > > Best regards, > > -- > Jo=E3o Assad > ParPerfeito Comunica=E7=E3o LTDA > http://www.parperfeito.com.br/ > > > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > -- Alex Soares de Moura RNP - Rede Nacional de Ensino e Pesquisa | http://www.rnp.br/ +55 21 3205-9666 Tel +55 21 3205-9660 Fax