> To speed up reproduction of this bug, lower the xfrm4_gc_thresh to a value > ABOVE (2 * 4096 * CPUS), but close to it - > e.g. something like 10k * CPUS
sorry got the math wrong on the verification - the xfrm4_gc_thresh should be set to above ((4096 * CPUS) / 2), so something like 4K * CPUS, or even (2K * CPUS) + 4k; basically just above the max flowcache limit, plus a bit for dst entries that are released but not yet freed/cleaned yet. And to re-affirm, for production use the xfrm4_gc_thresh should NEVER be set to anything other than INT_MAX (i.e., a number higher than 4k * 2 * CPUS) - there's absolutely no benefit to setting it any lower than max, and a real chance of causing failures if set too low. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1486670 Title: using ipsec, many connections result in no buffer space error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1486670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs