ipf/ipnat no memory problem

MFW mwilliams at 2goons.net
Wed Jun 11 18:12:45 PDT 2003 

I will take a quick stab at it.

First off, I would add this to your kernel:

options         NMBCLUSTERS=16384

That will give you more memory for network traffic. Looks like this server is
reaching its limits. you might want to give that a shot now and see if you are
running into the same problem tonight. I would also write a script that runs
at peak time to capture 'netstat -m'. Also, if this box is running any gig
interfaces, I would crank the number above up to 32768 (Maximum value for
NMBCLUSTERS).

Just my 2 cents.

Matt

João Assad <jfassad at parperfeito.com.br> wrote:

> Hello guys,
> 
> Does anybody have a clue on how to solve this problem ?
> 
> firewall# ipfstat -s
> IP states added:
>         8950710 TCP
>         24299 UDP
>         4134 ICMP
>         1592473870 hits
>         3165269525 misses
>         6 maximum
>         650 no memory
>         9215 bkts in use
>         11005 active
>         29606 expired
>         8939070 closed
> 
> firewall# ipnat -s
> mapped  in      913470782       out     1028719022
> added   59149802        expired 59056159
> no memory       129676  bad nat 0
> inuse   93643
> rules   38
> wilds   0
> firewall#
> 
> I am getting "no memory" in both ipf and ipnat.
> 
> CPU: Pentium III/Pentium III Xeon/Celeron (802.72-MHz 686-class CPU)
> real memory  = 134217728 (131072K bytes)
> avail memory = 127221760 (124240K bytes)
> 
> ---------Relevant configurations----------
> In /usr/src/sys/contrib/ipfilter/netinet/ip_state.h :
> # define        IPSTATE_SIZE    30011
> # define        IPSTATE_MAX     21011   /* Maximum number of states held */
> 
> Kernel options:
> maxusers        0
> options         IPFILTER
> options         IPFILTER_LOG
> options         IPFILTER_DEFAULT_BLOCK
> options         IPSTEALTH
> options         VM_KMEM_SIZE_SCALE="2"
> 
> I dont have the netstat -m output of my peak time which is when the problem
> occurs, but right now its:
> 
> firewall# netstat -m
> 269/912/6016 mbufs in use (current/peak/max):
>         269 mbufs allocated to data
> 265/594/1504 mbuf clusters in use (current/peak/max)
> 1416 Kbytes allocated to network (31% of mb_map in use)
> 0 requests for memory denied
> 0 requests for memory delayed
> 0 calls to protocol drain routines
> 
> 
> I would appreciate it if someone can give me some help in this issue, Im
> completely in the dark right now.
> 
> Best regards,
> 
> --
> João Assad
> ParPerfeito Comunicação LTDA
> http://www.parperfeito.com.br/
> 
> 
> 
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
> 

_________________________________________________________
This mail sent using V-webmail - http://www.v-webmail.org

More information about the freebsd-isp mailing list