On Tue, Jun 11, 2002 at 08:14:24PM +1000, Darren Reed wrote:
> In some email I received from Paul B. Henson, sie wrote:
> >
> > from research on this mailing list and others, it seems it is very common
> > to have to increase the default value of NMBCLUSTERS under a heavy load.
> > most often, it seems to have been increased to 8192 or 16384.
> >
[snip]
> > In any case, I was wondering if anyone has placed an OpenBSD 3.1 firewall
> > under heavy load yet. I have done some limited testing, but my test
> > environment is not sufficient to completely emulate the production load. I
> > really don't want to put a firewall into production that runs out of a
> > critical network resource which I am then unable to increase. I have 2 GB
> > of RAM in this machine -- I would much rather have unused buffers than ever
> > run out.
>
> The best advice here is to just use another OS, if you feel that
> uncomfortable with OpenBSD.

Yep. If we're talking about a dedicated router/firewall then
I can only conclude that OpenBSD is broken for serious production
use. 2G of RAM for a dedicated router/firewall is ridiculous. Or exactly
what is meant by loaded?

Here is some info from my situation. This machine is a 800MHz PIII with
128M of RAM.
# uname -a
FreeBSD fw1 4.5-RELEASE-p2 FreeBSD 4.5-RELEASE-p2 #0: Thu Apr 11 19:09:46 EDT 2002
root@jak:/usr/src/sys/compile/FW i386
# netstat -I fxp0 -w 8
input (fxp0) output
packets errs bytes packets errs bytes colls
32842 0 4645036 39004 0 36242747 0
# netstat -m
357/576/8192 mbufs in use (current/peak/max):
353 mbufs allocated to data
4 mbufs allocated to packet headers
350/486/2048 mbuf clusters in use (current/peak/max)
1116 Kbytes allocated to network (18% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
# top
9 processes: 1 running, 8 sleeping
Mem: 4420K Active, 7000K Inact, 30M Wired, 16K Cache, 14M Buf, 82M Free
# w
10:59AM up 60 days, 4:27, 1 user, load averages: 0.02, 0.01, 0.00
USER TTY FROM LOGIN@ IDLE WHAT
root console - 10:59AM - w
# ipfstat -s
IP states added:
1152710702 TCP
41774990 UDP
501817 ICMP
1892304881 hits
1724044636 misses
0 maximum
0 no memory
32721 bkts in use
33903 active
42276717 expired
1152676889 closed
# ipnat -s
mapped in 2267613053 out 3431175530
added 1043369903 expired 1043298210
no memory 0 bad nat 0
inuse 37542
rules 15
wilds 0
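
The following is an added example, not part of the original message: a headroom check over `netstat -m` output in the FreeBSD 4.x layout quoted above, flagging when peak mbuf cluster use approaches the configured maximum or when allocations have been denied. The function names, the 80% default threshold and the second sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: parse `netstat -m` (FreeBSD 4.x layout as quoted in the message).

# Reads netstat -m text on stdin and prints one summary line.
# Exit status: 0 ok, 1 peak at/above threshold, 2 allocations denied, 3 unparsable.
mbuf_headroom() {
    threshold="${1:-80}"   # assumed default: warn at 80% of max clusters
    awk -v thr="$threshold" '
        # e.g. "350/486/2048 mbuf clusters in use (current/peak/max)"
        /mbuf clusters in use/ {
            split($1, c, "/"); cur = c[1]; peak = c[2]; max = c[3]; seen = 1
        }
        # e.g. "0 requests for memory denied"
        /requests for memory denied/ { denied = $1 }
        END {
            if (!seen || max == 0) { print "UNKNOWN no cluster line"; exit 3 }
            pct = int(peak * 100 / max)
            status = "OK"; rc = 0
            if (pct >= thr) { status = "WARN"; rc = 1 }
            if (denied > 0) { status = "CRIT"; rc = 2 }   # denied outranks WARN
            printf "%s clusters cur=%d peak=%d max=%d peak_pct=%d denied=%d\n",
                   status, cur, peak, max, pct, denied
            exit rc
        }'
}

# The netstat -m figures from the message above.
sample_netstat_m() {
    cat <<'EOF'
357/576/8192 mbufs in use (current/peak/max):
350/486/2048 mbuf clusters in use (current/peak/max)
1116 Kbytes allocated to network (18% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
EOF
}

# Constructed sample (not from the message): a box that has hit its cluster limit.
constructed_exhausted() {
    cat <<'EOF'
2040/2048/2048 mbuf clusters in use (current/peak/max)
17 requests for memory denied
EOF
}

sample_netstat_m | mbuf_headroom 80
```

On a live system the input would come from `netstat -m | mbuf_headroom 80`; other releases format this output differently, so the patterns need adjusting there.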