Subject: Re: IFQ_MAXLEN: How large can it be?
To: None <firstname.lastname@example.org>
From: Manuel Bouyer <email@example.com>
Date: 11/15/2006 11:31:45
On Wed, Nov 15, 2006 at 08:57:01AM +0100, Christoph Kaegi wrote:
> Hello list
> Thanks to the help of Manuel, I found the above mentionned
> setting which defines the size of the (per-adapter?) IP input
> So I bumped this number on our quite busy firewall up from 256
> to 1024 and later to 4096, but I still get 1'026'678 dropped
> packets during 8 days uptime.
> - What are the side effects of increasing this value even more?
> - Can I safely set it to 8192 or 16384 without getting into
> other troubles?
> - I guess I could also just use values of 8000, 10000 or 20000
> isn't it?
> - Also, is this value number of packets or number of bytes
> or something else?
> I have NMBCLUSTERS=65536 at the moment, btw.
This is the number of packets per interface. You can count one mbuf cluster
(2k) per packet, so you have to make sure that
- NMBCLUSTERS is larger than IFQ_MAXLEN * num_interfaces (if you know you
have mostly-idle interfaces, maybe you can change this to
IFQ_MAXLEN * num_busy_interfaces + some_more)
- you have enough ram to hold that much NMBCLUSTERS (a mbuf cluser is 2k),
as this memory can't be paged out.
Manuel Bouyer, LIP6, Universite Paris VI. Manuel.Bouyer@lip6.fr
NetBSD: 26 ans d'experience feront toujours la difference