Re: Keeping a lot of states
Yes. option NMBCLUSTERS=N , where N is the number of clusters. Read http://www.openbsd.org/faq/faq11.html#Network Jon On Tue, 16 Mar 2004 00:02:46 +0059 Jedi/Sector One <[EMAIL PROTECTED]> wrote: > Hello. > > Is there any kernel parameter like NMBCLUSTERS or NKMEMPAGES to increase > in order to let pf work with millions of states? The host has 1Gb ram and > does nothing but transparent firewalling. > > TIA, > > -- > __ /*-Frank DENIS (Jedi/Sector One) -*\ __ > \ '/http://www.PureFTPd.Org/";> Secure FTP Server \' / > \/ http://www.Jedi.Claranet.Fr/";> Misc. free software \/
Re: Keeping a lot of states
No, i386 current pmap support is very poor, and won't allow you to reliably allocate more than 64M of RAM. You might be more lucky with sparc64 or amd64. Cedric Jon Mosco wrote: Yes. option NMBCLUSTERS=N , where N is the number of clusters. Read http://www.openbsd.org/faq/faq11.html#Network Jon On Tue, 16 Mar 2004 00:02:46 +0059 Jedi/Sector One <[EMAIL PROTECTED]> wrote: Hello. Is there any kernel parameter like NMBCLUSTERS or NKMEMPAGES to increase in order to let pf work with millions of states? The host has 1Gb ram and does nothing but transparent firewalling. TIA, -- __ /*-Frank DENIS (Jedi/Sector One) -*\ __ \ '/http://www.PureFTPd.Org/";> Secure FTP Server \' / \/ http://www.Jedi.Claranet.Fr/";> Misc. free software \/
Re: Keeping a lot of states
Hi Cedric. On Tue, Mar 16, 2004 at 01:08:13AM +0100, Cedric Berger wrote: > No, i386 current pmap support is very poor, and won't allow you to > reliably allocate more than 64M of RAM. Thanks for the clarification. What is the highest safe value I should raise NMBCLUSTERS to on x86? How many states max will it keep? Best regards, -- __ /*-Frank DENIS (Jedi/Sector One) -*\ __ \ '/http://www.PureFTPd.Org/";> Secure FTP Server \' / \/ http://www.Jedi.Claranet.Fr/";> Misc. free software \/
Re: Keeping a lot of states
On 16/03/2004, Jedi/Sector One <[EMAIL PROTECTED]> wrote To Cedric Berger: > > No, i386 current pmap support is very poor, and won't allow you to > > reliably allocate more than 64M of RAM. > > Thanks for the clarification. Which is not completly correct, like some "insane" guy showed us on misc@ or even 'here'. > What is the highest safe value I should raise NMBCLUSTERS to on x86? How > many states max will it keep? There's no answer to this. After all this one guy (maybe I can dig out the mail the other day), had ~400.000 states on a small machine. No, I dont tell it was 128mb physical RAM, since that doesnt matter. Or let's better say: you cannot "scale" now and say "oh cool, 1024=8*128, so i can do 3.2 Mio states". Tho this was before pf state structures shrank. Hm. Let alone the used NIC can change numbers here before the KVM boobs up. Just test? Easy enuff to fill up state entries. Pick high timeout values and fire traffic at it with some tcpblast or whatever packet generator. HTH, -- pb@
Re: Keeping a lot of states
Jedi/Sector One wrote: Hi Cedric. On Tue, Mar 16, 2004 at 01:08:13AM +0100, Cedric Berger wrote: No, i386 current pmap support is very poor, and won't allow you to reliably allocate more than 64M of RAM. Thanks for the clarification. What is the highest safe value I should raise NMBCLUSTERS to on x86? How many states max will it keep? I don't think NMBCLUSTERS has much to do with the number of states you can keep on a system. States are not allocated from clusters memory. NMBCLUSTERS is used by IP packets that are in transit in your box, (or packet in IP/TCP reassembly queues). While you need a decent value for it if you've a lot of traffic, increasing NMBCLUSTERS will not change the maximum number of states you can use. NKMEMPAGES would be a better knob to tweak, but if you increase it past 64M (don't know what the default value is), you will start to have instability on your box. Cedric
Re: Keeping a lot of states
On Tue, 16 Mar 2004, Jedi/Sector One wrote: > What is the highest safe value I should raise NMBCLUSTERS to on x86? How > many states max will it keep? We're running an X86 box with 512MB ram, nmbclusters = 8192, nkmempages = 81920, and a state limit of 100. In testing I got up to about 1.3mil states before it died. I don't think you'll get any higher than this, as I recall at 1.3mil the kernel was using something like 480MB. Adding more physical memory actually decreases the amount of usable kernel memory... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | [EMAIL PROTECTED] California State Polytechnic University | Pomona CA 91768
Re: Keeping a lot of states
On Tue, Mar 16, 2004 at 12:24:36PM -0800, Paul B. Henson wrote: > We're running an X86 box with 512MB ram, nmbclusters = 8192, nkmempages = > 81920 Didn't Cedric say that nkmempages > 16384 on x86 was instable? Did you test it that way for a long time? -- __ /*-Frank DENIS (Jedi/Sector One) -*\ __ \ '/http://www.PureFTPd.Org/";> Secure FTP Server \' / \/ http://www.Jedi.Claranet.Fr/";> Misc. free software \/
Re: Keeping a lot of states
On Tue, 16 Mar 2004, Jedi/Sector One wrote: > On Tue, Mar 16, 2004 at 12:24:36PM -0800, Paul B. Henson wrote: > > We're running an X86 box with 512MB ram, nmbclusters = 8192, nkmempages = > > 81920 > > Didn't Cedric say that nkmempages > 16384 on x86 was instable? > Did you test it that way for a long time? It's been running in production since July 2003 without a blip. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | [EMAIL PROTECTED] California State Polytechnic University | Pomona CA 91768
