Message-ID: <00aa01c1c4f7$8eb5f460$b50d030a@patrick>
From: "Patrick O'Reilly"
To: "FreeBSD Question List"
Subject: natd getting into tight loops ?!?
Date: Wed, 6 Mar 2002 12:13:16 +0200

Hi again.

I'm not sure whether my mail made it to the list from my other account, so I'm retrying through this one. Please help with any advice on this weird natd behaviour...

----- Original Message -----

Hi all.

I have noticed lately that natd sometimes seems to consume huge amounts of processor time for no apparent reason. I am running multiple instances of natd on different divert sockets as I need to NAT across different interfaces.

See these 'ps' results, taken just over one hour apart from one another:

--------------
(at 09:25 AM)
  517  ??  Rs   247:56.44 /sbin/natd -f /etc/natd.conf -n xl0 -p 8660
  527  ??  Ss    59:44.57 /sbin/natd -f /etc/natd.conf -n xl1 -p 8661
  537  ??  Ss    70:24.40 /sbin/natd -f /etc/natd.conf -n xl2 -p 8662
--------------
(at 10:30 AM)
  517  ??  Ss   259:37.86 /sbin/natd -f /etc/natd.conf -n xl0 -p 8660
  527  ??  Ss    71:24.48 /sbin/natd -f /etc/natd.conf -n xl1 -p 8661
  537  ??  Ss    70:27.51 /sbin/natd -f /etc/natd.conf -n xl2 -p 8662
--------------

Notice that the natd daemons on xl0 and xl1 each accumulated 12 minutes of processor time!!! But xl2 took just 3 seconds.

This is NOT a very busy gateway (xl0 faces the 'net over a 128k line!). When this occurs it goes in fits and starts, as if the daemon gets into a tight loop for a while, and then pops out again. While this happens the processor is 100% busy, and then it goes to 98-99% idle!

This gateway server runs ipfw and natd, and NOTHING ELSE. It is a dedicated firewall/gateway server.

--------------
root perimeter:~# uname -a
FreeBSD perimeter.DOMAIN 4.3-RELEASE FreeBSD 4.3-RELEASE #0: Mon Feb 4 10:57:00 SAST 2002 root@perimeter.DOMAIN:/usr/obj/usr/src/sys/perimeter i386
--------------

Is this a problem that might be solved by bringing the box up to 4.5-RELEASE?

PS: I was using DUMMYNET for traffic shaping, and at first I suspected that natd and DUMMYNET were not working well together. I have recently stopped using all DUMMYNET pipes, but the problem persists.

Regards,
Patrick.