kern/144917: Flowtable crashes system

Vincent Hoffman vince at unsane.co.uk
Thu Apr 8 13:05:38 UTC 2010 

On 08/04/2010 13:07, Barney Cordoba wrote:
>
> --- On Fri, 4/2/10, K. Macy <kmacy at freebsd.org> wrote:
>
>   
>> From: K. Macy <kmacy at freebsd.org>
>> Subject: Re: kern/144917: Flowtable crashes system
>> To: "Ilya Zhuravlev" <ilya at el-crane.net>
>> Cc: freebsd-net at freebsd.org, "Evgenii Davidov" <dado at korolev-net.ru>
>> Date: Friday, April 2, 2010, 11:07 PM
>> Please try with the latest 8-STABLE
>> and tell me if recent changes fix it.
>>
>> Thanks,
>> Kip
>>
>> On Thu, Mar 25, 2010 at 8:32 AM, Ilya Zhuravlev <ilya at el-crane.net>
>> wrote:
>>     
>>> On 21.03.2010 17:04, Evgenii Davidov wrote:
>>>       
>>>> Здравствуйте,
>>>>
>>>> On Sat, Mar 20, 2010 at 11:06:35PM +0000, Doychin
>>>>         
>> Dokov пишет:
>>     
>>>>         
>>>>>> Description:
>>>>>>             
>>>>> It seems like flowtable has been merged and
>>>>>           
>> enabled by default in 8.0....
>>     
>>>>> which is a really really bad idea.
>>>>> On a system which handles two full BGP tables
>>>>>           
>> it makes one of the CPU
>>     
>>>>> cores run at 100% right after most of the
>>>>>           
>> prefixes get installed in the
>>     
>>>>> routing table.
>>>>>           
>>>> i saw the same effect with ospf
>>>>
>>>>         
>>> 8.0-p2, 2 full-view with openbgpd
>>> "tuning":
>>> net.inet.tcp.blackhole=2
>>> net.inet.udp.blackhole=1
>>> net.inet.icmp.icmplim_output=0
>>> net.inet.icmp.drop_redirect=1
>>> net.inet.flowtable.nmbflows=32768
>>>
>>> 1 week uptime.Now I think only about increasing tx/rx
>>>       
>> descriptors to reduce
>>     
>>> interrupts (default values was not changed)
>>>
>>>
>>> netstat -w1 -Iigb0
>>>            input         (igb0)        
>>>       
>>   output
>>     
>>>   packets  errs      bytes    packets  errs  
>>>       
>>    bytes colls
>>     
>>>     49100     0   12290513      23693     0
>>>       
>>   27268884     0
>>     
>>>     48322     0   12688283      24332     0
>>>       
>>   28099404     0
>>     
>>>     50602     0   12759620      24437     0
>>>       
>>   27698341     0
>>     
>>>     47857     0   11354124      21410     0
>>>       
>>   23845155     0
>>     
>>> netstat -w1 -Iigb1
>>>            input         (igb1)        
>>>       
>>   output
>>     
>>>   packets  errs      bytes    packets  errs  
>>>       
>>    bytes colls
>>     
>>>     32428     0   35027019      24562     0
>>>       
>>    5624934     0
>>     
>>>     30621     0   33384339      23569     0
>>>       
>>    4456944     0
>>     
>>>     28419     0   31014269      21571     0
>>>       
>>    3638083     0
>>     
>>>     29409     0   32524760      22137     0
>>>       
>>    3503600     0
>>     
>>>     30965     0   33532742      23973     0
>>>       
>>    5089231     0
>>     
>>> netstat -w1 -Iem0
>>>            input          (em0)        
>>>       
>>   output
>>     
>>>   packets  errs      bytes    packets  errs  
>>>       
>>    bytes colls
>>     
>>>     17217     0    3929366      72741     0
>>>       
>>   46377762     0
>>     
>>>     17412     0    3745112      75522     0
>>>       
>>   49338883     0
>>     
>>>     18385     0    4014568      77444     0
>>>       
>>   50532101     0
>>     
>>>     17142     0    3875518      77125     0
>>>       
>>   47646681     0
>>     
>>>     16870     0    3528316      73188     0
>>>       
>>   47940959     0
>>     
>>>     17069     0    3682891      80268     0
>>>       
>>   52904747     0
>>     
>>>     17313     0    4101576      75586     0
>>>       
>>   51933330     0
>>     
>>> _______________________________________________
>>> freebsd-net at freebsd.org
>>>       
>
> How about telling us how to turn it off; or better yet how to not
> compile it into the kernel at all. Thats the best solution.
>
> As my Dad used to say on a regular basis, we need this like we 
> need a hole in our head. Is 8.0 the Kip Macy personal test bed?
>
> Why is something that virtually no-one needs enabled by default?
>
> Barney
>
>   
I havent followed the whole thread so if this doesnt actally work for
some reason then sorry for noise.

[root at prawn ~]# sysctl -a | grep flowtable
net.inet.ip.output_flowtable_size: 2048
net.inet.flowtable.nmbflows: 4096
net.inet.flowtable.tcp_expire: 86400
net.inet.flowtable.fin_wait_expire: 600
net.inet.flowtable.udp_expire: 300
net.inet.flowtable.syn_expire: 300
net.inet.flowtable.collisions: 0
net.inet.flowtable.max_depth: 0
net.inet.flowtable.free_checks: 8845
net.inet.flowtable.frees: 2181
net.inet.flowtable.misses: 2403
net.inet.flowtable.lookups: 11633
net.inet.flowtable.hits: 9231
net.inet.flowtable.enable: 1
net.inet.flowtable.debug: 0


[root at prawn ~]# sysctl -d net.inet.flowtable.enable
net.inet.flowtable.enable: enable flowtable caching.

[root at prawn ~]# sysctl net.inet.flowtable.enable=0
net.inet.flowtable.enable: 1 -> 0


Vince
>       
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>

More information about the freebsd-net mailing list