RELENG_8 pf stack issue (state count spiraling out of control)

Vlad Galu dudu at dudu.ro
Tue May 3 10:13:36 UTC 2011 

On Tue, May 3, 2011 at 11:31 AM, Vincent Hoffman <vince at unsane.co.uk> wrote:

> On 03/05/2011 10:16, Jeremy Chadwick wrote:
>
> <snip lots of data relevant to the discussion but not my answer>
> > Sadly I don't see a way with bsnmpd(8) to monitor things like interrupt
> > usage, etc. otherwise I'd be graphing that.  The more monitoring the
> > better; at least then I could say "wow, interrupts really did shoot
> > through the roof -- the box went crazy!" and RMA the thing.  :-)
> >
> you could use net-mgmt/bsnmp-regex although I dont know what the
> overhead for that is like.
>

I use munin for graphing, as it allows easy scripting without using SNMP.

My case is a bit different from Jeremy's. Every once in a while there is a
sudden traffic spike which impacts pf performance as well. However, the
graphed figures are nowhere near what I'd consider alarming levels (this box
has withstood more in the past). I was able to coincidentally log in after
such a spike and noticed the pfpurge thread eating up about 30% of the CPU
while using the normal optimization policy. In my case, it could be related
to another issue I'm seeing on this box - mbuma allocation failures. Here
are my graphs:

http://dl.dropbox.com/u/14650083/PF/bge_bits_1-week.png
http://dl.dropbox.com/u/14650083/PF/bge_packets_1-week.png
http://dl.dropbox.com/u/14650083/PF/bge_stats_1-week.png
http://dl.dropbox.com/u/14650083/PF/load-week.png
http://dl.dropbox.com/u/14650083/PF/mbuf_errors-week.png
http://dl.dropbox.com/u/14650083/PF/mbuf_usage-week.png
http://dl.dropbox.com/u/14650083/PF/pf_inserts-week.png
http://dl.dropbox.com/u/14650083/PF/pf_matches-week.png
http://dl.dropbox.com/u/14650083/PF/pf_removals-week.png
http://dl.dropbox.com/u/14650083/PF/pf_searches-week.png
http://dl.dropbox.com/u/14650083/PF/pf_src_limit-week.png
http://dl.dropbox.com/u/14650083/PF/pf_states-week.png
http://dl.dropbox.com/u/14650083/PF/pf_synproxy-week.png

I'll wait for the next time the symptom occurs to switch to a stateless
configuration.



-- 
Good, fast & cheap. Pick any two.

More information about the freebsd-pf mailing list