Hi #Setup:# A redundant firewall pair (two HP DL380G4) with 3 em dual gig nics (plus 2 unused bge), 6 vlans, pfsync and 1500 rows of pf.conf. OpenBSD 3.8 STABLE (updated two weeks ago). The generic kernel is used + backported SACK patch so we could use "synproxy" correctly.
#Problem:# This redundantfirewall pair just died after a couple of weeks good work. All interfaces use carp. During the last 24 hours before the problem they have had a constant 25-30% higher average load of outgoing traffic 100 to 110 Mbit, and incoming traffic of 80-90 Mbit. A pfstat graph show a packet rate that is not over 15000 in any direction. Apr 11 09:32:16 XXXXXX /bsd: WARNING: mclpool limit reached; increase kern.maxclusters On the list we have seen people raised kern.maxclusters values to over 65000 without success (the fw just lasts longer) and later got info that they had a driver bug (xl for example). I unfortunately don't have a "netstat-m" or "vmstat -m|grep mcl" but assume I would not be happy to see the result of the output. #Question:# This problem is *hopefully* caused by a high network load and therefor only needs tuning rather than an os problem. A sysctl -a | grep kern.maxclusters shows the default: kern.maxclusters=6144 What is a reasonable value for kern.maxclusters in a situation like this? (We ask as we don't want to raise it to high as we also are afraid of eventual side effects) Thanks Per-Olov -- GPG keyID: 4DB283CE GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE
