Date: Sun, 27 May 2001 23:23:18 +0300 (EEST) From: Pekka Savola <pekkas@netcore.fi> To: Bill Fumerola <billf@mu.org> Cc: <freebsd-bugs@FreeBSD.org> Subject: Re: kern/27661: >1000 ipfw rules and heavy traffic crash the system Message-ID: <Pine.LNX.4.33.0105272307350.25129-100000@netcore.fi> In-Reply-To: <20010527135954.F37979@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 27 May 2001, Bill Fumerola wrote: > On Sat, May 26, 2001 at 11:20:02PM -0700, Pekka Savola wrote: > > > Subject: Re: kern/27661: >1000 ipfw rules and heavy traffic crash the system > > I've put 3000 non-matching (and counting+matching) rules on systems > while pushing max traffic before without locking up. I'm sure you're talking about serious traffic here, countable in dozens of megabits, as this appears to be a requirement in this scenario. > Please compile a non-SMP kernel and see if you have better luck. > > Also, try and push the traffic over lo0 and see if that makes a > difference. This may not have been the problem; when debugging this, I had found out the problem with ipfw traffic limiting (hard freezing) too (see the 5 May thread on -stable mentioned in previous mail). The freezing continued without SMP on. For the death of me I can't remember whether it was traffic limiter or huge number of rules that caused the crashes on UP system (at that time I didn't know _what_ was causing them anyway). Unfortunately, this is a production system, and there's pretty little amount of testing I can do; especially as soft freezes by >1000 rules seem to create a lot of FS inconsistancies as a byproduct when booting, always requiring rather painful restoration of some files from the backups. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.33.0105272307350.25129-100000>