Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 5 Mar 2002 10:50:06 +0200
From:      "Patrick O'Reilly" <patrick@mip.co.za>
To:        "FreeBSD Question List" <freebsd-questions@freebsd.org>
Subject:   natd hogging processor
Message-ID:  <NDBBIMKICMDGDMNOOCAIAECJECAA.patrick@mip.co.za>
next in thread | raw e-mail | index | archive | help 
Hi all.

I have noticed lately that natd sometimes seems to consume huge amounts
of processor time for no apparent reason.

I am running multiple instances of natd on different divert sockets as I
need to NAT across different interfaces.

See these 'ps' results, taken just over one hour apart from one another:
-------------- (at 09:25 AM)
  517  ??  Rs   247:56.44 /sbin/natd -f /etc/natd.conf -n xl0 -p 8660
  527  ??  Ss    59:44.57 /sbin/natd -f /etc/natd.conf -n xl1 -p 8661
  537  ??  Ss    70:24.40 /sbin/natd -f /etc/natd.conf -n xl2 -p 8662
-------------- (at 10:30 AM)
  517  ??  Ss   259:37.86 /sbin/natd -f /etc/natd.conf -n xl0 -p 8660
  527  ??  Ss    71:24.48 /sbin/natd -f /etc/natd.conf -n xl1 -p 8661
  537  ??  Ss    70:27.51 /sbin/natd -f /etc/natd.conf -n xl2 -p 8662
--------------
Notice that the natd daemons on xl0 and xl1 each accumulated 12 minutes
of processor time!!!  But xl2 took just 3 seconds.  This is NOT a very
busy gateway (xl0 faces the 'net over a 128k line!).

When this occurs it goes in fits and starts, as if the daemon gets into
a tight loop for a while, and then pops out again.  While this happens
the processor is 100% busy, and then it goes to 98-99% idle!

This gateway server runs ipfw and natd, and NOTHING ELSE.  It is a
dedicated firewall/gateway server.

--------------
root perimeter:~# uname -a
FreeBSD perimeter.DOMAIN 4.3-RELEASE FreeBSD 4.3-RELEASE #0: Mon Feb  4
10:57:00 SAST 2002
root@perimeter.DOMAIN:/usr/obj/usr/src/sys/perimeter  i386
--------------

Is this a problem that might be solved by bringing the box up to
4.5-RELEASE ?

PS: I was using DUMMYNET for traffic shaping, and at first I suspected
that natd and DUMMYNET were not working well together.  I have recently
stopped using all DUMMYNET pipes, but the problem persists.

Regards,
Patrick.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NDBBIMKICMDGDMNOOCAIAECJECAA.patrick>