From owner-freebsd-questions@FreeBSD.ORG Tue Jan 29 17:43:13 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 13BA816A417 for ; Tue, 29 Jan 2008 17:43:13 +0000 (UTC) (envelope-from ccowart@rescomp.berkeley.edu) Received: from hal.rescomp.berkeley.edu (hal.Rescomp.Berkeley.EDU [169.229.70.150]) by mx1.freebsd.org (Postfix) with ESMTP id F089413C4EA for ; Tue, 29 Jan 2008 17:43:12 +0000 (UTC) (envelope-from ccowart@rescomp.berkeley.edu) Received: by hal.rescomp.berkeley.edu (Postfix, from userid 1225) id B85B13C0452; Tue, 29 Jan 2008 09:43:02 -0800 (PST) Date: Tue, 29 Jan 2008 09:43:02 -0800 From: Christopher Cowart To: Norman Maurer Message-ID: <20080129174302.GK41095@hal.rescomp.berkeley.edu> Mail-Followup-To: Norman Maurer , freebsd-questions References: <1201592778.6811.1.camel@norman-laptop> <20080129080412.GH41095@hal.rescomp.berkeley.edu> <1201598690.6811.5.camel@norman-laptop> <1201600025.6811.8.camel@norman-laptop> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="iCHaPkWk0Ne6xagp" Content-Disposition: inline In-Reply-To: <1201600025.6811.8.camel@norman-laptop> Organization: RSSP-IT, UC Berkeley User-Agent: Mutt/1.5.16 (2007-06-09) Cc: freebsd-questions Subject: Re: FreeBSD 6.3 racoon cpu 99,9% after some time workin X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jan 2008 17:43:13 -0000 --iCHaPkWk0Ne6xagp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 29, 2008 at 10:47:05AM +0100, Norman Maurer wrote: > Am Dienstag, den 29.01.2008, 10:24 +0100 schrieb Norman Maurer: > > Am Dienstag, den 29.01.2008, 00:04 -0800 schrieb Christopher Cowart: > > > On Tue, Jan 29, 2008 at 08:46:18AM +0100, Norman Maurer wrote: > > > > I have some strange problem.. After racoon works some hours it seem= s to > > > > "freeze" and get a cpu usage of 99,9%. The vpns don't work anymore = too.. > > > > Any idea ? > > >=20 > > > By any chance do you have a large number of tunnels? We went so far as > > > to write a daemon to watch racoon and restart it automatically. We > > > finally ended up bumping up buffer sizes in the ipsec-tools sources a= nd > > > sysctl. > > >=20 > > > See this thread from -net: > > > http://lists.freebsd.org/pipermail/freebsd-net/2007-August/015046.html > > >=20 > >=20 > > We have about 15 tunnels.. Can you please show me the changes you did > > ( maybe a diff ) and the shell script ? 15 tunnels doesn't sound like enough to cause problems; we were dealing with 80-100 SAs before we saw problems. The patch is here: http://lists.freebsd.org/pipermail/freebsd-net/2007-September/015456.html Our sysctl change is this: $ sysctl -a kern.ipc.maxsockbuf kern.ipc.maxsockbuf: 4194304 You might try pinging -net with the symptoms or drawing some of these old threads.=20 --=20 Chris Cowart Network Technical Lead Network & Infrastructure Services, RSSP-IT UC Berkeley --iCHaPkWk0Ne6xagp Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iQIVAwUBR59lpiPHEDszU3zYAQLx9Q/9H5VYHF9tm99jAM4wcz5LB7ml5EnvEnQm vHONN4ZdEjNHH6OwCfxoEKSsX54qiRFo7Smlksjo2lrf7+9JjsJYx5Cqr+7RgbB8 jmbMz9U/fW4fPdw7XtmzsYzDVIM1DjS9WknrbJ3fRahWomi91GBh/kIMafKF3Yvb 5pQP+0ygsFialneZFPrd44IZBkiCwYFfTxP0SNXDoZQf6gH38+0mW15Gx13QEzAJ eBlwbGAAlewrBhs12e07a+gLp+KZUl0PtiK5SW4GZpFI7eq2AgDwcPtEJOwPS/ix eWx2+xdWswf8IDzulpqUwoDzH3GzaHifOEYXzNakszSGeOsbBtMQmeA8L8lJvXkv SVFUIBwPearctydIW2wO8gJnSLEsahbBw+GvilDWBEdCt6s9TPx6aO/GLkrDa9n4 ZRtymjZrxKmSuWfnmfzDqGC/6aMRdhi1qPlWse+tHA7PhZzMYTOOF7WeZc1/3uvR S9AQBRof0nCPR51KTj5WlHTpXMtfofqecrw4zVHMSAYZMWaL05tITCdEkWAlRTTY qo6C1TZQGA5EMPj7m+nvHUS/gtwrA+GGDHA++x5RCGqKnl2Ao4EiADcBrGqS6+Pu 7yiwyN/wYRN4v6vmbLNYjUFEYTRPRzzax/dPcZwkWhqNO/2LjaRV06QpoKmVV7zW SCU+/Jj5zTA= =R8Y0 -----END PGP SIGNATURE----- --iCHaPkWk0Ne6xagp--