Re: kernel oops with NAT in 2.6.16.13 kernel

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Nishit Shah <nishit@elitecore.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: kernel oops with NAT in 2.6.16.13 kernel
Date: Tue, 10 Oct 2006 08:01:18 +0200	[thread overview]
Message-ID: <452B372E.3020206@trash.net> (raw)
In-Reply-To: <02a901c6ec2f$f5d1e730$4c01a8c0@elitecore26>

Nishit Shah wrote:
> I have performed load testing through Spirent avalanche.(Test Specification
> is Connections/Second).
> At one side of testing machine, there are 10/11 virtual clients created by
> Spirent and 4/5 virtual servers at other side.
> Testing is through HTTP 1.0 with heep alive and 1024 bytes of object size.
> I haven't loaded or unloaded any modules..
> I have loaded conntrack module with following parameters.
> modprobe conntrack hashsize=262144
> echo 1048576 > /proc/sys/net/ipv4/ip_conntrack_max
> (Testing machines contain >= 1 GB of RAM and those were plain firewall only
> machines.)
> Connection rate is around 4000 Connections/Second at the time of oops and
> around 3,00,000 connection entries at time of oops.
> 
> Also, some of my observations,
> I don't think problem is with connection rate, problem is with number of
> connection entries.
> I have tried with different machines but every time i got kernel oops at
> 3,00,000 entries in conntrack table.(tried with Pentium 4,Xeon,Xeon duel
> etc..)

With many conntrack entries NAT may take considerable time to find a
free tuple (up to ~64000 quite expensive hash lookups). For optimal
performance, the hash should be twice as large as the maximum number
of entries. I assume the machine doesn't freeze completely but
just reports a softlockup? Are you running anything touching conntrack
/proc-files during this test?

next prev parent reply	other threads:[~2006-10-10  6:01 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-10-06  7:57 kernel oops with NAT in 2.6.16.13 kernel Nishit Shah
2006-10-10  5:04 ` Patrick McHardy
2006-10-10  5:50   ` Nishit Shah
2006-10-10  6:01     ` Patrick McHardy [this message]
2006-10-10  6:28       ` Nishit Shah
2006-10-11  5:52         ` Patrick McHardy
2006-10-11  6:44           ` Nishit Shah
2006-10-11  7:04             ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=452B372E.3020206@trash.net \
    --to=kaber@trash.net \
    --cc=netfilter-devel@lists.netfilter.org \
    --cc=nishit@elitecore.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.