FreeBSD 6.3 racoon cpu 99,9% after some time working

Christopher Cowart ccowart at rescomp.berkeley.edu
Tue Jan 29 09:43:13 PST 2008


On Tue, Jan 29, 2008 at 10:47:05AM +0100, Norman Maurer wrote:
> On Tuesday, 29.01.2008, at 10:24 +0100, Norman Maurer wrote:
> > On Tuesday, 29.01.2008, at 00:04 -0800, Christopher Cowart wrote:
> > > On Tue, Jan 29, 2008 at 08:46:18AM +0100, Norman Maurer wrote:
> > > > I have some strange problem.. After racoon works some hours it seems to
> > > > "freeze" and get a cpu usage of 99,9%. The vpns don't work anymore too..
> > > > Any idea ?
> > > 
> > > By any chance do you have a large number of tunnels? We went so far as
> > > to write a daemon to watch racoon and restart it automatically. We
> > > finally ended up bumping up buffer sizes in the ipsec-tools sources and
> > > sysctl.
> > > 
> > > See this thread from -net:
> > > http://lists.freebsd.org/pipermail/freebsd-net/2007-August/015046.html
> > > 
> > 
> > We have about 15 tunnels.. Can you please show me the changes you did
> > ( maybe a diff ) and the shell script ?

15 tunnels doesn't sound like enough to cause problems; we were dealing
with 80-100 SAs before we saw problems.

The patch is here:
http://lists.freebsd.org/pipermail/freebsd-net/2007-September/015456.html

Our sysctl change is this:
$ sysctl -a kern.ipc.maxsockbuf
kern.ipc.maxsockbuf: 4194304

You might try pinging -net with the symptoms or drawing some of these
old threads. 

-- 
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley