ipf/ipnat no memory problem

Alex Soares de Moura alex at rnp.br
Thu Jun 12 07:51:16 PDT 2003 

Hello João,

You can try testing (increasing) the kernel states below.
The command below does the job:

sysctl <variable> = <value>

net.inet.tcp.sendspace
net.inet.tcp.recvspace
net.inet.udp.recvspace
net.inet.raw.maxdgram
net.inet.raw.recvspace

example:
sysctl net.inet.tcp.sendspace = 32768


Alex

--
RNP - Rede Nacional de Ensino e Pesquisa - http://www.rnp.br/

On Wed, 11 Jun 2003, João Assad wrote:

> Hello guys,
>
> Does anybody have a clue on how to solve this problem ?
>
> firewall# ipfstat -s
> IP states added:
>         8950710 TCP
>         24299 UDP
>         4134 ICMP
>         1592473870 hits
>         3165269525 misses
>         6 maximum
>         650 no memory
>         9215 bkts in use
>         11005 active
>         29606 expired
>         8939070 closed
>
> firewall# ipnat -s
> mapped  in      913470782       out     1028719022
> added   59149802        expired 59056159
> no memory       129676  bad nat 0
> inuse   93643
> rules   38
> wilds   0
> firewall#
>
> I am getting "no memory" in both ipf and ipnat.
>
> CPU: Pentium III/Pentium III Xeon/Celeron (802.72-MHz 686-class CPU)
> real memory  = 134217728 (131072K bytes)
> avail memory = 127221760 (124240K bytes)
>
> ---------Relevant configurations----------
> In /usr/src/sys/contrib/ipfilter/netinet/ip_state.h :
> # define        IPSTATE_SIZE    30011
> # define        IPSTATE_MAX     21011   /* Maximum number of states held */
>
> Kernel options:
> maxusers        0
> options         IPFILTER
> options         IPFILTER_LOG
> options         IPFILTER_DEFAULT_BLOCK
> options         IPSTEALTH
> options         VM_KMEM_SIZE_SCALE="2"
>
> I dont have the netstat -m output of my peak time which is when the problem
> occurs, but right now its:
>
> firewall# netstat -m
> 269/912/6016 mbufs in use (current/peak/max):
>         269 mbufs allocated to data
> 265/594/1504 mbuf clusters in use (current/peak/max)
> 1416 Kbytes allocated to network (31% of mb_map in use)
> 0 requests for memory denied
> 0 requests for memory delayed
> 0 calls to protocol drain routines
>
>
> I would appreciate it if someone can give me some help in this issue, Im
> completely in the dark right now.
>
> Best regards,
>
> --
> João Assad
> ParPerfeito Comunicação LTDA
> http://www.parperfeito.com.br/
>
>
>
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>

--
Alex Soares de Moura
RNP - Rede Nacional de Ensino e Pesquisa | http://www.rnp.br/

+55 21 3205-9666 Tel
+55 21 3205-9660 Fax

More information about the freebsd-isp mailing list