[Bug 254236] pfsync bulk update fails on systems with many CPU cores

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Mar 12 10:34:05 UTC 2021 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254236

            Bug ID: 254236
           Summary: pfsync bulk update fails on systems with many CPU
                    cores
           Product: Base System
           Version: Unspecified
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: topical at gmx.net

Created attachment 223204
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=223204&action=edit
Enforce sending of bucket containing "bulk update" request

On startup, pfsync initiates a "bulk update" to fetch all states from sync
peer:

kernel: pfsync: requesting bulk update

One systems with many cores, this step fails in most cases:

kernel: pfsync: failed to receive bulk update

This is because the "bulk update" is not sent to the sync peer. Internally, all
pfsync requests (like "bulk update") are put into "buckets". The content of a
bucket is usually sent when the bucket is sufficiently filled (i.e. the
generated IP packet just fits into the MTU).

The number of buckets is twice the number of CPU cores by default to reduce
lock contention, but you can change this at boot time with
"net.pfsync.pfsync_buckets".

If you have many cores and little traffic on the host, buckets won't be filled
fast enough and the bucket with the "bulk update" request will not be sent
within timeout. If it sent later on, the host is not in bulk update mode
anymore and will discard the bulk update response.

I identified the following solutions/workarounds:

1. Enforce sending buckets after generating bulk update request by patching
if_pfsync.c
2. Reduce number of buckets (very unreliably and even "4" may be too high if
your host is in standby mode and thus receives very little traffic)
3. Force sending of all buckets by temporarily reducing MTU of pfsync interface

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list