port-i386: Re: Big NMBCLUSTERS on a busy Firewall

Subject: Re: Big NMBCLUSTERS on a busy Firewall
To: None <port-i386@netbsd.org>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: port-i386
Date: 09/19/2001 23:03:41

On Wed, Sep 19, 2001 at 07:41:42AM +0200, Christoph Kaegi wrote:
> 
> Hi
> 
> I installed a NetBSD 1.5.1 System to take the function
> of our SUN Firewalls which have strange problems.
> 
> Even though I bumped up NMBCLUSTERS to 32768, I still get:
> 
> --------------------------------- 8< --------------------------------
> Sep 19 05:14:58 notfw /netbsd: WARNING: mclpool limit reached; increase NMBCLUSTERS
> Sep 19 05:30:07 notfw last message repeated 3 times
> Sep 19 05:35:12 notfw /netbsd: WARNING: mclpool limit reached; increase NMBCLUSTERS
> Sep 19 05:50:11 notfw last message repeated 3 times
> Sep 19 06:00:09 notfw last message repeated 2 times
> Sep 19 06:05:13 notfw /netbsd: WARNING: mclpool limit reached; increase NMBCLUSTERS
> Sep 19 06:20:09 notfw last message repeated 3 times
> Sep 19 06:25:03 notfw /netbsd: WARNING: mclpool limit reached; increase NMBCLUSTERS
> Sep 19 06:40:10 notfw last message repeated 3 times
> Sep 19 06:45:14 notfw /netbsd: WARNING: mclpool limit reached; increase NMBCLUSTERS
> Sep 19 07:00:09 notfw last message repeated 3 times
> Sep 19 07:10:14 notfw last message repeated 2 times
> Sep 19 07:15:13 notfw /netbsd: WARNING: mclpool limit reached; increase NMBCLUSTERS
> Sep 19 07:30:09 notfw last message repeated 3 times
> 
> --------------------------------- 8< --------------------------------
> 
> Now the question: Is it save, to push NMBCLUSTERS even higher?
> Is there any upper limit?
> Or should I just increase them, until it doesnt complain anymore?
> 
> By the way, the machine seems mostly idle. ipfstat -s says:
> 
> --------------------------------- 8< --------------------------------
> IP states added:
>         28602140 TCP
>         85228 UDP
>         31663 ICMP
>         973248185 hits
>         37733768 misses
>         1632485 maximum
>         0 no memory
>         2392 bkts in use
>         3096 active
>         116129 expired
>         28599806 closed
> --------------------------------- 8< --------------------------------
> 
> Thanks in advance for any hints

And what does 'netstat -m' and 'vmstat -m' say ?

--
Manuel Bouyer <bouyer@antioche.eu.org>
--