tech-net: Re: Tune up NetBSD

Subject: Re: Tune up NetBSD
To: None <tech-net@netbsd.org>
From: Rimantas Petrauskas <rimantas@remo.lt>
List: tech-net
Date: 04/02/2006 21:38:35
Hi,

tried to change some settings in ipf -T
That didn't helped.

-bash-2.05b# ipf -T list
fr_flags        min 0   max 0xffffffff  current 0
fr_active       min 0   max 0   current 0
fr_control_forwarding   min 0   max 0x1 current 0
fr_update_ipid  min 0   max 0x1 current 0
fr_chksrc       min 0   max 0x1 current 1
fr_pass min 0   max 0xffffffff  current 268435460
fr_unreach      min 0   max 0xff        current 13
fr_tcpidletimeout       min 0x1 max 0x7fffffff  current 1800
fr_tcpclosewait min 0x1 max 0x7fffffff  current 60
fr_tcplastack   min 0x1 max 0x7fffffff  current 480
fr_tcptimeout   min 0x1 max 0x7fffffff  current 180
fr_tcpclosed    min 0x1 max 0x7fffffff  current 120
fr_tcphalfclosed        min 0x1 max 0x7fffffff  current 7200
fr_udptimeout   min 0x1 max 0x7fffffff  current 240
fr_udpacktimeout        min 0x1 max 0x7fffffff  current 24
fr_icmptimeout  min 0x1 max 0x7fffffff  current 120
fr_icmpacktimeout       min 0x1 max 0x7fffffff  current 12
fr_statemax     min 0x1 max 0x7fffffff  current 200000
fr_statesize    min 0x1 max 0x7fffffff  current 200000
fr_state_lock   min 0   max 0x1 current 0
fr_state_maxbucket      min 0x1 max 0x7fffffff  current 36
fr_state_maxbucket_reset        min 0   max 0x1 current 1
ipstate_logging min 0   max 0x1 current 1
fr_nat_lock     min 0   max 0x1 current 0
ipf_nattable_sz min 0x1 max 0x7fffffff  current 262143
ipf_nattable_max        min 0x1 max 0x7fffffff  current 340785
ipf_natrules_sz min 0x1 max 0x7fffffff  current 80809
ipf_rdrrules_sz min 0x1 max 0x7fffffff  current 80809
ipf_hostmap_sz  min 0x1 max 0x7fffffff  current 32767
fr_nat_maxbucket        min 0x1 max 0x7fffffff  current 36
fr_nat_maxbucket_reset  min 0   max 0x1 current 1
nat_logging     min 0   max 0x1 current 1
fr_defnatage    min 0x1 max 0x7fffffff  current 1200
fr_defnaticmpage        min 0x1 max 0x7fffffff  current 6
ipfr_size       min 0x1 max 0x7fffffff  current 257
fr_ipfrttl      min 0x1 max 0x7fffffff  current 120
ipl_suppress    min 0   max 0x1 current 1
ipl_buffer_sz   min 0   max 0   current 0
ipl_logmax      min 0   max 0x7fffffff  current 7
ipl_logall      min 0   max 0x1 current 0

Maybe i am doing something wrong. Maybe numbers i set are wrong?
i doubled fr_pass and still no changes.

contents of sysctl.conf:
kern.somaxkva=268435456
kern.sbmax=8388608
kern.maxfiles=65536
net.inet.udp.recvspace=3217968
net.inet.udp.sendspace=3217968
net.inet.tcp.recvspace=3217968
net.inet.tcp.sendspace=3217968
net.inet.tcp.init_win=8

kernel changes:
options         SHMMAXPGS=4096
options         P1003_1B_SEMAPHORE
options         NMBCLUSTERS=32768
options         NBUF=32768

I tried to tcpdump traffic while this problems occurs, but nothing unusual
did not seen.

About the problem again:
Server 1 does not crash. The server 2 (traffic shaper old-ALTQ) connected
to server 1 stops responding in network for about 5-10 minutes. If i
plug-out network cable and plug-in after 10 seconds everything begins to
work just fine.

ps ax (on server 2) at that time that server 2 does not responds:
20733 root      10    0   224K  724K nanosl/0   0:30 106.74% 106.74% cron
440 root       2    0   120K  732K select/1  56:37 103.42% 103.42% apcupsd
8 root      50    0     0K  157M RUN/0      3:15 68.21% 68.21% [ioflush]

It is kind of hard to describe more this problem, but maybe anyone can
help me.

2006 Kovas 27, 22:33, Pir Marcin Jessa rašė:
> On Mon, 27 Mar 2006 17:35:25 +0300 (EEST)
> "Rimantas Petrauskas" <rimantas@remo.lt> wrote:
>
>
>> Hi,
>>
>>
>> i'm using NetBSD 2.0.1 on IBM x335 machine. It is internet gateway for
>> about 2000 clients. I'm monitoring "/usr/sbin/ipfstat -hio" stats with
>> MRTG and when in/out packets reaches 90000000, the server seems to have
>>  some problems. It looks like packets are droped or something. Can
>> anyone give me a realy good link on "How to tune up NetBSD for high
>> traffic networks" or something like that? Or maybe you could paste some
>> usefull sysctl or kernel values, because i am not realy good at this
>> point.
>
> A good starting point would be:
> http://www.netbsd.org/guide/en/chap-tuning.html
>
>
> Other links that may be of interest:
> http://proj.sunet.se/E2E/tcptune.html
> http://www.psc.edu/networking/projects/tcptune/#NetBSD
>
>
> You should also tcpdump your traffic when the problem occurs
> to be actually able to see what happens.
>
>
> Cheers,
> Marcin.
>
>


-- 
Pagarbiai,
Rimantas Petrauskas,
UAB "Remo televizija"
Tinklo administratorius
Mob. tel.: 8-685-74915
E-mail: rimantas@remo.lt