From owner-freebsd-security@FreeBSD.ORG Wed Nov 24 20:38:58 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 05AE216A4F2 for ; Wed, 24 Nov 2004 20:38:58 +0000 (GMT) Received: from chicago.domecon.de (chicago.domecon.de [80.237.200.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id C4FFA43D55 for ; Wed, 24 Nov 2004 20:38:56 +0000 (GMT) (envelope-from eisenbarth@domecon.de) Received: (qmail 82764 invoked by uid 1032); 24 Nov 2004 20:38:55 -0000 Received: from eisenbarth@domecon.de by chicago.domecon.de by uid 89 with qmail-scanner-1.20 Clear:RC:1(213.23.15.42):SA:0(-0.6/8.0):. Processed in 2.118532 secs); 24 Nov 2004 20:38:55 -0000 X-Spam-Status: No, hits=-0.6 required=8.0 X-Qmail-Scanner-Mail-From: eisenbarth@domecon.de via chicago.domecon.de X-Qmail-Scanner: 1.20 (Clear:RC:1(213.23.15.42):SA:0(-0.6/8.0):. Processed in 2.118532 secs) Received: from dsl-213-023-015-042.arcor-ip.net (HELO localhost) (213.23.15.42) by domecon.de with SMTP; 24 Nov 2004 20:38:53 -0000 From: Thomas Eisenbarth Organization: DoMeCon To: freebsd-security@freebsd.org, akhthar@carmatec.com Date: Wed, 24 Nov 2004 21:30:19 +0100 User-Agent: KMail/1.7 References: <200411250002.37764.akhthar@carmatec.com> In-Reply-To: <200411250002.37764.akhthar@carmatec.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1222736.GZYedOQJSF"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200411242130.24229.eisenbarth@domecon.de> Subject: Re: Mbuf errors X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Nov 2004 20:38:58 -0000 --nextPart1222736.GZYedOQJSF Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi there, Am Mittwoch, 24. November 2004 19:32 schrieb Akhthar Parvez. K: > All mbuf clusters exhausted, please see tuning(7). Did you have a look at this ? > 3704/6656/6656 mbuf clusters in use (current/peak/max) > 16980 Kbytes allocated to network (85% of mb_map in use) > 106522 requests for memory denied > 1545 requests for memory delayed tuning(7): kern.ipc.nmbclusters may be adjusted to increase the number of network mbufs the system is willing to allocate. Each cluster represents appr= ox- imately 2K of memory, so a value of 1024 represents 2M of kernel memory reserved for network buffers. You can do a simple calculation to figu= re out how many you need. If you have a web server which maxes out at 10= 00 simultaneous connections, and each connection eats a 16K receive and 1= 6K send buffer, you need approximately 32MB worth of network buffers to d= eal with it. A good rule of thumb is to multiply by 2, so 32MBx2 =3D 64MB= /2K =3D 32768. So for this case you would want to set kern.ipc.nmbclusters to 32768. We recommend values between 1024 and 4096 for machines with mo= d- erates amount of memory, and between 4096 and 32768 for machines with greater amounts of memory. Under no circumstances should you specify = an arbitrarily high value for this parameter, it could lead to a boot-time crash. The -m option to netstat(1) may be used to observe network clu= s- ter use. Older versions of FreeBSD do not have this tunable and requi= re that the kernel config(8) option NMBCLUSTERS be set instead. greetings =2D-=20 Thomas Eisenbarth eisenbarth@domecon.de Donau-Ries Media-Consulting http://www.domecon.de --nextPart1222736.GZYedOQJSF Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQBBpO9fktWR+KhvEXIRAsLtAJ981Z2q6AN40Gs7Jzr0sn/gOes3xACgh+e2 9pPm221JUweNuc+elgntZwo= =3Uul -----END PGP SIGNATURE----- --nextPart1222736.GZYedOQJSF--