On Thursday 13 April 2006 10.33, you wrote: > Hi > > #Setup:# > A redundant firewall pair (two HP DL380G4) with 3 em dual gig nics (plus 2 > unused bge), 6 vlans, pfsync and 1500 rows of pf.conf. OpenBSD 3.8 STABLE > (updated two weeks ago). The generic kernel is used + backported SACK patch > so we could use "synproxy" correctly. > > #Problem:# > This redundantfirewall pair just died after a couple of weeks good work. > All interfaces use carp. During the last 24 hours before the problem they > have had a constant 25-30% higher average load of outgoing traffic 100 to > 110 Mbit, and incoming traffic of 80-90 Mbit. A pfstat graph show a packet > rate that is not over 15000 in any direction. > > Apr 11 09:32:16 XXXXXX /bsd: WARNING: mclpool limit reached; increase > kern.maxclusters > > On the list we have seen people raised kern.maxclusters values to over > 65000 without success (the fw just lasts longer) and later got info that > they had a driver bug (xl for example). I unfortunately don't have a > "netstat-m" or "vmstat -m|grep mcl" but assume I would not be happy to see > the result of the output. > > > #Question:# > This problem is *hopefully* caused by a high network load and therefor only > needs tuning rather than an os problem. A sysctl -a | grep kern.maxclusters > shows the default: > kern.maxclusters=6144 > What is a reasonable value for kern.maxclusters in a situation like this? > (We ask as we don't want to raise it to high as we also are afraid of > eventual side effects) > > > Thanks > Per-Olov
Additional info.... When the servers died the load peak (last for 24 hours) described above was already over 6 hours earlier. Any good reason why they died when the load was back at standard load? Thanks in advance Per-Olov Sjvholm -- GPG keyID: 4DB283CE GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE
