> To speed up reproduction of this bug, lower the xfrm4_gc_thresh to a value 
> ABOVE (2 * 4096 * CPUS), but close to it -
> e.g. something like 10k * CPUS

sorry got the math wrong on the verification - the xfrm4_gc_thresh
should be set to above ((4096 * CPUS) / 2), so something like 4K * CPUS,
or even (2K * CPUS) + 4k; basically just above the max flowcache limit,
plus a bit for dst entries that are released but not yet freed/cleaned
yet.

And to re-affirm, for production use the xfrm4_gc_thresh should NEVER be
set to anything other than INT_MAX (i.e., a number higher than 4k * 2 *
CPUS) - there's absolutely no benefit to setting it any lower than max,
and a real chance of causing failures if set too low.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1486670

Title:
  using ipsec, many connections result in no buffer space error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1486670/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to