kern/144917: Flowtable crashes system

K. Macy kmacy at freebsd.org
Thu Apr 8 18:07:53 UTC 2010 

Hi Vincent,
Thanks for your response. However, the answers to both his questions
have been given many times before and he knows them already. This
person has not made material contributions to discussions and has in
fact made active efforts to reduce the signal to noise ratio.

Cheers,
Kip




On Thu, Apr 8, 2010 at 6:05 AM, Vincent Hoffman <vince at unsane.co.uk> wrote:
> On 08/04/2010 13:07, Barney Cordoba wrote:
>>
>> --- On Fri, 4/2/10, K. Macy <kmacy at freebsd.org> wrote:
>>
>>
>>> From: K. Macy <kmacy at freebsd.org>
>>> Subject: Re: kern/144917: Flowtable crashes system
>>> To: "Ilya Zhuravlev" <ilya at el-crane.net>
>>> Cc: freebsd-net at freebsd.org, "Evgenii Davidov" <dado at korolev-net.ru>
>>> Date: Friday, April 2, 2010, 11:07 PM
>>> Please try with the latest 8-STABLE
>>> and tell me if recent changes fix it.
>>>
>>> Thanks,
>>> Kip
>>>
>>> On Thu, Mar 25, 2010 at 8:32 AM, Ilya Zhuravlev <ilya at el-crane.net>
>>> wrote:
>>>
>>>> On 21.03.2010 17:04, Evgenii Davidov wrote:
>>>>
>>>>> Здравствуйте,
>>>>>
>>>>> On Sat, Mar 20, 2010 at 11:06:35PM +0000, Doychin
>>>>>
>>> Dokov пишет:
>>>
>>>>>
>>>>>>> Description:
>>>>>>>
>>>>>> It seems like flowtable has been merged and
>>>>>>
>>> enabled by default in 8.0....
>>>
>>>>>> which is a really really bad idea.
>>>>>> On a system which handles two full BGP tables
>>>>>>
>>> it makes one of the CPU
>>>
>>>>>> cores run at 100% right after most of the
>>>>>>
>>> prefixes get installed in the
>>>
>>>>>> routing table.
>>>>>>
>>>>> i saw the same effect with ospf
>>>>>
>>>>>
>>>> 8.0-p2, 2 full-view with openbgpd
>>>> "tuning":
>>>> net.inet.tcp.blackhole=2
>>>> net.inet.udp.blackhole=1
>>>> net.inet.icmp.icmplim_output=0
>>>> net.inet.icmp.drop_redirect=1
>>>> net.inet.flowtable.nmbflows=32768
>>>>
>>>> 1 week uptime.Now I think only about increasing tx/rx
>>>>
>>> descriptors to reduce
>>>
>>>> interrupts (default values was not changed)
>>>>
>>>>
>>>> netstat -w1 -Iigb0
>>>>            input         (igb0)
>>>>
>>>   output
>>>
>>>>   packets  errs      bytes    packets  errs
>>>>
>>>    bytes colls
>>>
>>>>     49100     0   12290513      23693     0
>>>>
>>>   27268884     0
>>>
>>>>     48322     0   12688283      24332     0
>>>>
>>>   28099404     0
>>>
>>>>     50602     0   12759620      24437     0
>>>>
>>>   27698341     0
>>>
>>>>     47857     0   11354124      21410     0
>>>>
>>>   23845155     0
>>>
>>>> netstat -w1 -Iigb1
>>>>            input         (igb1)
>>>>
>>>   output
>>>
>>>>   packets  errs      bytes    packets  errs
>>>>
>>>    bytes colls
>>>
>>>>     32428     0   35027019      24562     0
>>>>
>>>    5624934     0
>>>
>>>>     30621     0   33384339      23569     0
>>>>
>>>    4456944     0
>>>
>>>>     28419     0   31014269      21571     0
>>>>
>>>    3638083     0
>>>
>>>>     29409     0   32524760      22137     0
>>>>
>>>    3503600     0
>>>
>>>>     30965     0   33532742      23973     0
>>>>
>>>    5089231     0
>>>
>>>> netstat -w1 -Iem0
>>>>            input          (em0)
>>>>
>>>   output
>>>
>>>>   packets  errs      bytes    packets  errs
>>>>
>>>    bytes colls
>>>
>>>>     17217     0    3929366      72741     0
>>>>
>>>   46377762     0
>>>
>>>>     17412     0    3745112      75522     0
>>>>
>>>   49338883     0
>>>
>>>>     18385     0    4014568      77444     0
>>>>
>>>   50532101     0
>>>
>>>>     17142     0    3875518      77125     0
>>>>
>>>   47646681     0
>>>
>>>>     16870     0    3528316      73188     0
>>>>
>>>   47940959     0
>>>
>>>>     17069     0    3682891      80268     0
>>>>
>>>   52904747     0
>>>
>>>>     17313     0    4101576      75586     0
>>>>
>>>   51933330     0
>>>
>>>> _______________________________________________
>>>> freebsd-net at freebsd.org
>>>>
>>
>> How about telling us how to turn it off; or better yet how to not
>> compile it into the kernel at all. Thats the best solution.
>>
>> As my Dad used to say on a regular basis, we need this like we
>> need a hole in our head. Is 8.0 the Kip Macy personal test bed?
>>
>> Why is something that virtually no-one needs enabled by default?
>>
>> Barney
>>
>>
> I havent followed the whole thread so if this doesnt actally work for
> some reason then sorry for noise.
>
> [root at prawn ~]# sysctl -a | grep flowtable
> net.inet.ip.output_flowtable_size: 2048
> net.inet.flowtable.nmbflows: 4096
> net.inet.flowtable.tcp_expire: 86400
> net.inet.flowtable.fin_wait_expire: 600
> net.inet.flowtable.udp_expire: 300
> net.inet.flowtable.syn_expire: 300
> net.inet.flowtable.collisions: 0
> net.inet.flowtable.max_depth: 0
> net.inet.flowtable.free_checks: 8845
> net.inet.flowtable.frees: 2181
> net.inet.flowtable.misses: 2403
> net.inet.flowtable.lookups: 11633
> net.inet.flowtable.hits: 9231
> net.inet.flowtable.enable: 1
> net.inet.flowtable.debug: 0
>
>
> [root at prawn ~]# sysctl -d net.inet.flowtable.enable
> net.inet.flowtable.enable: enable flowtable caching.
>
> [root at prawn ~]# sysctl net.inet.flowtable.enable=0
> net.inet.flowtable.enable: 1 -> 0
>
>
> Vince
>>
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>

More information about the freebsd-net mailing list