Date: Tue, 29 Jan 2008 09:43:02 -0800 From: Christopher Cowart <ccowart@rescomp.berkeley.edu> To: Norman Maurer <norman@apache.org> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: FreeBSD 6.3 racoon cpu 99,9% after some time workin Message-ID: <20080129174302.GK41095@hal.rescomp.berkeley.edu> In-Reply-To: <1201600025.6811.8.camel@norman-laptop> References: <1201592778.6811.1.camel@norman-laptop> <20080129080412.GH41095@hal.rescomp.berkeley.edu> <1201598690.6811.5.camel@norman-laptop> <1201600025.6811.8.camel@norman-laptop>
next in thread | previous in thread | raw e-mail | index | archive | help
--iCHaPkWk0Ne6xagp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 29, 2008 at 10:47:05AM +0100, Norman Maurer wrote: > Am Dienstag, den 29.01.2008, 10:24 +0100 schrieb Norman Maurer: > > Am Dienstag, den 29.01.2008, 00:04 -0800 schrieb Christopher Cowart: > > > On Tue, Jan 29, 2008 at 08:46:18AM +0100, Norman Maurer wrote: > > > > I have some strange problem.. After racoon works some hours it seem= s to > > > > "freeze" and get a cpu usage of 99,9%. The vpns don't work anymore = too.. > > > > Any idea ? > > >=20 > > > By any chance do you have a large number of tunnels? We went so far as > > > to write a daemon to watch racoon and restart it automatically. We > > > finally ended up bumping up buffer sizes in the ipsec-tools sources a= nd > > > sysctl. > > >=20 > > > See this thread from -net: > > > http://lists.freebsd.org/pipermail/freebsd-net/2007-August/015046.html > > >=20 > >=20 > > We have about 15 tunnels.. Can you please show me the changes you did > > ( maybe a diff ) and the shell script ? 15 tunnels doesn't sound like enough to cause problems; we were dealing with 80-100 SAs before we saw problems. The patch is here: http://lists.freebsd.org/pipermail/freebsd-net/2007-September/015456.html Our sysctl change is this: $ sysctl -a kern.ipc.maxsockbuf kern.ipc.maxsockbuf: 4194304 You might try pinging -net with the symptoms or drawing some of these old threads.=20 --=20 Chris Cowart Network Technical Lead Network & Infrastructure Services, RSSP-IT UC Berkeley --iCHaPkWk0Ne6xagp Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iQIVAwUBR59lpiPHEDszU3zYAQLx9Q/9H5VYHF9tm99jAM4wcz5LB7ml5EnvEnQm vHONN4ZdEjNHH6OwCfxoEKSsX54qiRFo7Smlksjo2lrf7+9JjsJYx5Cqr+7RgbB8 jmbMz9U/fW4fPdw7XtmzsYzDVIM1DjS9WknrbJ3fRahWomi91GBh/kIMafKF3Yvb 5pQP+0ygsFialneZFPrd44IZBkiCwYFfTxP0SNXDoZQf6gH38+0mW15Gx13QEzAJ eBlwbGAAlewrBhs12e07a+gLp+KZUl0PtiK5SW4GZpFI7eq2AgDwcPtEJOwPS/ix eWx2+xdWswf8IDzulpqUwoDzH3GzaHifOEYXzNakszSGeOsbBtMQmeA8L8lJvXkv SVFUIBwPearctydIW2wO8gJnSLEsahbBw+GvilDWBEdCt6s9TPx6aO/GLkrDa9n4 ZRtymjZrxKmSuWfnmfzDqGC/6aMRdhi1qPlWse+tHA7PhZzMYTOOF7WeZc1/3uvR S9AQBRof0nCPR51KTj5WlHTpXMtfofqecrw4zVHMSAYZMWaL05tITCdEkWAlRTTY qo6C1TZQGA5EMPj7m+nvHUS/gtwrA+GGDHA++x5RCGqKnl2Ao4EiADcBrGqS6+Pu 7yiwyN/wYRN4v6vmbLNYjUFEYTRPRzzax/dPcZwkWhqNO/2LjaRV06QpoKmVV7zW SCU+/Jj5zTA= =R8Y0 -----END PGP SIGNATURE----- --iCHaPkWk0Ne6xagp--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080129174302.GK41095>