kern/144917: Flowtable crashes system

Doychin Dokov root at net1.cc
Sat Mar 20 23:10:03 UTC 2010 

>Number:         144917
>Category:       kern
>Synopsis:       Flowtable crashes system
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 20 23:10:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Doychin Dokov
>Release:        8.0-RELEASE-p2
>Organization:
Data Syst Ltd.
>Environment:
FreeBSD wilma.net1.cc 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Tue Jan  5 21:11:58 UTC 2010     root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
It seems like flowtable has been merged and enabled by default in 8.0.... which is a really really bad idea.
On a system which handles two full BGP tables it makes one of the CPU cores run at 100% right after most of the prefixes get installed in the routing table. Performance is seriously harmed, as well is ZFS speed  - it's dramatically slow (sometimes 3x-4x). The system crashes in random time - between 1 and 10 minutes right after it has booted and started installing the routes in the kernel routing table. Observations with top -PS show that a process called 'flowcontroller' is overwhelming the CPU.
Adding net.inet.flowtable.enable=0 to /etc/sysctl.conf AND rebooting the system fixes the problem. Changing the sysctl after the problem has appeared does not seem to fix it - the system still crashes in a while. 
This is very very embarassing when upgrading from 7.x, and is also very undocumented:
wilma# man flowcontroller
No manual entry for flowcontroller
wilma# man flowtable
No manual entry for flowtable
I think this feature should be disabled by default (according to what i've found about that, it helps with heavy traffic like 10G links - it's far more frequent for one to use lots of prefixes than 10G), or - at least - better documented and maybe automatically disabled by packages which deal with lots of prefixes (e.g. quagga, openbgpd, etc.) 
>How-To-Repeat:
1. Install 8.0-RELEASE (does not matter if you update to the latest patchlevel with freebsd-update)
2. Install quagga or openbgpd or some other routing daemon
3. Feed it with lots of routes (e.g. full internet routing table)
4. Grab a coffee
5. It'll crash until your cup is still smoking.

P.S. I've only tested with FreeBSD installed on ZFS root
>Fix:
Add this to /etc/sysctl.conf:
net.inet.flowtable.enable=0

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list