Date: Wed, 30 Sep 2015 18:06:10 -0700 From: Felix Gallo <felixgallo@gmail.com> To: freebsd-pf@freebsd.org Subject: PF appears to lock up a machine with a large number of jails Message-ID: <CAJfDOsT52xtQ3w3BOVRu2zCF-mhku79-_8-ed6_15=TKmNkb7Q@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
FreeBSD ip-172-31-63-223 10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37 UTC 2015 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 I am using the github dev version of 'iocage' (an ezjail-like shell script) to generate a large number of jails. SITUATION 1. When I am creating the jails, which all use a shared ipv6 interface to the hosts' loopback, in a loop, after a certain number of jails (sometimes ~70, sometimes ~100), the machine appears to hang. Upon reboot, the machine has nothing interesting in the logs. SITUATION 2. I then realized that I had TSO enabled on the interface, which seems to interact very badly with pf. So I disabled it and started creating the jails again. Again, it hung the box, but this time seemed to take a lot longer to do so (over 100 jails created). SITUATION 3. I rebooted. I then disabled pf and created the jails. This went fine and I was able to create and run 750 jails without issue. SITUATION 4. I rebooted. I disabled TSO. I then attempted to re-enable pf with pfctl -e. This immediately killed the box. SITUATION 5. I rebooted. I then deleted all my jails, recreated a smaller number (150) with PF disabled and TSO disabled, and then re-enabled PF. This appeared to work for a time, but after some period of time, the machine again hung. Not sure how else to help debug this one; happy to help if given direction. F.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJfDOsT52xtQ3w3BOVRu2zCF-mhku79-_8-ed6_15=TKmNkb7Q>