Limiting open port RST response from 247 to 200 packets per second

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Limiting open port RST response from 247 to 200 packets per second

Alex Dehaini
Hi Guys,

I have some issues with Squid on Freebsd. I am running FreeBSD release 4.9
and Squid version 2.5.

I have setup FreeBSD as a bridge so that all traffic from my network can
transparently pass through the FreeBSD server. I am running Squid on the
same server and I created an ipfw rule to redirect port 80 to port 3128.

Normally, when Squid is not started - we see traffic close to 30MB flowing
through the server. Immediately I start squid, the traffic drops to half and
sometimes lower and stays there. When this happens, I have a lot of clients
that will call and complain they can't access the Internet. At the same
time, I get these log messages

*Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from 247
to 200 packets per second
Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from 247
to 200 packets per second
Feb  5 20:39:45 myserver /kernel: Limiting open port RST response from 239
to 200 packets per second
Feb  5 20:39:45 myserver /kernel: Limiting open port RST response from 239
to 200 packets per second
Feb  5 20:39:46 myserver /kernel: Limiting open port RST response from 273
to 200 packets per second
Feb  5 20:39:46 myserver /kernel: Limiting open port RST response from 273
to 200 packets per second
Feb  5 20:39:47 myserver /kernel: Limiting open port RST response from 228
to 200 packets per second
Feb  5 20:39:47 myserver /kernel: Limiting open port RST response from 228
to 200 packets per second
Feb  5 20:39:48 myserver /kernel: Limiting open port RST response from 225
to 200 packets per second
Feb  5 20:39:48 myserver /kernel: Limiting open port RST response from 225
to 200 packets per second
Feb  5 20:39:49 myserver /kernel: Limiting open port RST response from 244
to 200 packets per second
Feb  5 20:39:49 myserver /kernel: Limiting open port RST response from 244
to 200 packets per second
Feb  5 20:39:50 myserver /kernel: Limiting open port RST response from 259
to 200 packets per second
Feb  5 20:39:50 myserver /kernel: Limiting open port RST response from 259
to 200 packets per second
Feb  5 20:39:51 myserver /kernel: Limiting open port RST response from 234
to 200 packets per second
Feb  5 20:39:51 myserver /kernel: Limiting open port RST response from 234
to 200 packets per second
Feb  5 20:39:52 myserver /kernel: Limiting open port RST response from 243
to 200 packets per second
Feb  5 20:39:52 myserver /kernel: Limiting open port RST response from 243
to 200 packets per second
Feb  5 20:39:53 myserver /kernel: Limiting open port RST response from 218
to 200 packets per second
Feb  5 20:39:53 myserver /kernel: Limiting open port RST response from 218
to 200 packets per second
Feb  5 20:39:55 myserver /kernel: Limiting open port RST response from 233
to 200 packets per second
Feb  5 20:39:55 myserver /kernel: Limiting open port RST response from 233
to 200 packets per second
Feb  5 20:39:56 myserver /kernel: Limiting open port RST response from 241
to 200 packets per second
Feb  5 20:39:56 myserver /kernel: Limiting open port RST response from 241
to 200 packets per second
Feb  5 20:39:57 myserver /kernel: Limiting open port RST response from 220
to 200 packets per second
Feb  5 20:39:57 myserver /kernel: Limiting open port RST response from 220
to 200 packets per second
Feb  5 20:39:58 myserver /kernel: Limiting open port RST response from 206
to 200 packets per second
Feb  5 20:39:58 myserver /kernel: Limiting open port RST response from 206
to 200 packets per second
Feb  5 20:40:01 myserver /kernel: Limiting open port RST response from 223
to 200 packets per second
Feb  5 20:40:01 myserver /kernel: Limiting open port RST response from 223
to 200 packets per second*

When I stop Squid, everything returns to normal. Any idea what is causing
this. I will appreciate any help.

Thanks

--
Alex Dehaini
Developer
Site - www.alexdehaini.com
Email - [hidden email]
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Limiting open port RST response from 247 to 200 packets per second

István-3
Hi!


lix@test:~$sysctl -a | grep net.inet.icmp.icmplim
net.inet.icmp.icmplim: 200
net.inet.icmp.icmplim_output: 1


Regards,
Istvan

On Fri, Feb 6, 2009 at 2:44 PM, Alex Dehaini <[hidden email]> wrote:

> Hi Guys,
>
> I have some issues with Squid on Freebsd. I am running FreeBSD release 4.9
> and Squid version 2.5.
>
> I have setup FreeBSD as a bridge so that all traffic from my network can
> transparently pass through the FreeBSD server. I am running Squid on the
> same server and I created an ipfw rule to redirect port 80 to port 3128.
>
> Normally, when Squid is not started - we see traffic close to 30MB flowing
> through the server. Immediately I start squid, the traffic drops to half
> and
> sometimes lower and stays there. When this happens, I have a lot of clients
> that will call and complain they can't access the Internet. At the same
> time, I get these log messages
>
> *Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from 247
> to 200 packets per second
> Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from 247
> to 200 packets per second
> Feb  5 20:39:45 myserver /kernel: Limiting open port RST response from 239
> to 200 packets per second
> Feb  5 20:39:45 myserver /kernel: Limiting open port RST response from 239
> to 200 packets per second
> Feb  5 20:39:46 myserver /kernel: Limiting open port RST response from 273
> to 200 packets per second
> Feb  5 20:39:46 myserver /kernel: Limiting open port RST response from 273
> to 200 packets per second
> Feb  5 20:39:47 myserver /kernel: Limiting open port RST response from 228
> to 200 packets per second
> Feb  5 20:39:47 myserver /kernel: Limiting open port RST response from 228
> to 200 packets per second
> Feb  5 20:39:48 myserver /kernel: Limiting open port RST response from 225
> to 200 packets per second
> Feb  5 20:39:48 myserver /kernel: Limiting open port RST response from 225
> to 200 packets per second
> Feb  5 20:39:49 myserver /kernel: Limiting open port RST response from 244
> to 200 packets per second
> Feb  5 20:39:49 myserver /kernel: Limiting open port RST response from 244
> to 200 packets per second
> Feb  5 20:39:50 myserver /kernel: Limiting open port RST response from 259
> to 200 packets per second
> Feb  5 20:39:50 myserver /kernel: Limiting open port RST response from 259
> to 200 packets per second
> Feb  5 20:39:51 myserver /kernel: Limiting open port RST response from 234
> to 200 packets per second
> Feb  5 20:39:51 myserver /kernel: Limiting open port RST response from 234
> to 200 packets per second
> Feb  5 20:39:52 myserver /kernel: Limiting open port RST response from 243
> to 200 packets per second
> Feb  5 20:39:52 myserver /kernel: Limiting open port RST response from 243
> to 200 packets per second
> Feb  5 20:39:53 myserver /kernel: Limiting open port RST response from 218
> to 200 packets per second
> Feb  5 20:39:53 myserver /kernel: Limiting open port RST response from 218
> to 200 packets per second
> Feb  5 20:39:55 myserver /kernel: Limiting open port RST response from 233
> to 200 packets per second
> Feb  5 20:39:55 myserver /kernel: Limiting open port RST response from 233
> to 200 packets per second
> Feb  5 20:39:56 myserver /kernel: Limiting open port RST response from 241
> to 200 packets per second
> Feb  5 20:39:56 myserver /kernel: Limiting open port RST response from 241
> to 200 packets per second
> Feb  5 20:39:57 myserver /kernel: Limiting open port RST response from 220
> to 200 packets per second
> Feb  5 20:39:57 myserver /kernel: Limiting open port RST response from 220
> to 200 packets per second
> Feb  5 20:39:58 myserver /kernel: Limiting open port RST response from 206
> to 200 packets per second
> Feb  5 20:39:58 myserver /kernel: Limiting open port RST response from 206
> to 200 packets per second
> Feb  5 20:40:01 myserver /kernel: Limiting open port RST response from 223
> to 200 packets per second
> Feb  5 20:40:01 myserver /kernel: Limiting open port RST response from 223
> to 200 packets per second*
>
> When I stop Squid, everything returns to normal. Any idea what is causing
> this. I will appreciate any help.
>
> Thanks
>
> --
> Alex Dehaini
> Developer
> Site - www.alexdehaini.com
> Email - [hidden email]
> _______________________________________________
> [hidden email] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-performance
> To unsubscribe, send any mail to "
> [hidden email]"
>



--
the sun shines for all
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Limiting open port RST response from 247 to 200 packets per second

Alex Dehaini
I increased net.inet.icmp.icmplim to 2000 but this does not make any change.
Here is my output

myserver# sysctl -a | grep net.inet.icmp.icmplim
net.inet.icmp.icmplim: 2000
net.inet.icmp.icmplim_output: 1

After increasing inet.icmp.icmplim to 2000 and startign Squid, I don't get
the errors below

Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from 247
to 200 packets per second
Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from 247
to 200 packets per second
Feb  5 20:39:45 myserver /kernel: Limiting open port RST response from 239
to 200 packets per second

But traffic still drops.

Alex


On Fri, Feb 6, 2009 at 3:19 PM, István Szukács <[hidden email]> wrote:

> Hi!
>
>
> lix@test:~$sysctl -a | grep net.inet.icmp.icmplim
> net.inet.icmp.icmplim: 200
> net.inet.icmp.icmplim_output: 1
>
>
> Regards,
> Istvan
>
> On Fri, Feb 6, 2009 at 2:44 PM, Alex Dehaini <[hidden email]>wrote:
>
>> Hi Guys,
>>
>> I have some issues with Squid on Freebsd. I am running FreeBSD release 4.9
>> and Squid version 2.5.
>>
>> I have setup FreeBSD as a bridge so that all traffic from my network can
>> transparently pass through the FreeBSD server. I am running Squid on the
>> same server and I created an ipfw rule to redirect port 80 to port 3128.
>>
>> Normally, when Squid is not started - we see traffic close to 30MB flowing
>> through the server. Immediately I start squid, the traffic drops to half
>> and
>> sometimes lower and stays there. When this happens, I have a lot of
>> clients
>> that will call and complain they can't access the Internet. At the same
>> time, I get these log messages
>>
>> *Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from
>> 247
>> to 200 packets per second
>> Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from 247
>> to 200 packets per second
>> Feb  5 20:39:45 myserver /kernel: Limiting open port RST response from 239
>> to 200 packets per second
>> Feb  5 20:39:45 myserver /kernel: Limiting open port RST response from 239
>> to 200 packets per second
>> Feb  5 20:39:46 myserver /kernel: Limiting open port RST response from 273
>> to 200 packets per second
>> Feb  5 20:39:46 myserver /kernel: Limiting open port RST response from 273
>> to 200 packets per second
>> Feb  5 20:39:47 myserver /kernel: Limiting open port RST response from 228
>> to 200 packets per second
>> Feb  5 20:39:47 myserver /kernel: Limiting open port RST response from 228
>> to 200 packets per second
>> Feb  5 20:39:48 myserver /kernel: Limiting open port RST response from 225
>> to 200 packets per second
>> Feb  5 20:39:48 myserver /kernel: Limiting open port RST response from 225
>> to 200 packets per second
>> Feb  5 20:39:49 myserver /kernel: Limiting open port RST response from 244
>> to 200 packets per second
>> Feb  5 20:39:49 myserver /kernel: Limiting open port RST response from 244
>> to 200 packets per second
>> Feb  5 20:39:50 myserver /kernel: Limiting open port RST response from 259
>> to 200 packets per second
>> Feb  5 20:39:50 myserver /kernel: Limiting open port RST response from 259
>> to 200 packets per second
>> Feb  5 20:39:51 myserver /kernel: Limiting open port RST response from 234
>> to 200 packets per second
>> Feb  5 20:39:51 myserver /kernel: Limiting open port RST response from 234
>> to 200 packets per second
>> Feb  5 20:39:52 myserver /kernel: Limiting open port RST response from 243
>> to 200 packets per second
>> Feb  5 20:39:52 myserver /kernel: Limiting open port RST response from 243
>> to 200 packets per second
>> Feb  5 20:39:53 myserver /kernel: Limiting open port RST response from 218
>> to 200 packets per second
>> Feb  5 20:39:53 myserver /kernel: Limiting open port RST response from 218
>> to 200 packets per second
>> Feb  5 20:39:55 myserver /kernel: Limiting open port RST response from 233
>> to 200 packets per second
>> Feb  5 20:39:55 myserver /kernel: Limiting open port RST response from 233
>> to 200 packets per second
>> Feb  5 20:39:56 myserver /kernel: Limiting open port RST response from 241
>> to 200 packets per second
>> Feb  5 20:39:56 myserver /kernel: Limiting open port RST response from 241
>> to 200 packets per second
>> Feb  5 20:39:57 myserver /kernel: Limiting open port RST response from 220
>> to 200 packets per second
>> Feb  5 20:39:57 myserver /kernel: Limiting open port RST response from 220
>> to 200 packets per second
>> Feb  5 20:39:58 myserver /kernel: Limiting open port RST response from 206
>> to 200 packets per second
>> Feb  5 20:39:58 myserver /kernel: Limiting open port RST response from 206
>> to 200 packets per second
>> Feb  5 20:40:01 myserver /kernel: Limiting open port RST response from 223
>> to 200 packets per second
>> Feb  5 20:40:01 myserver /kernel: Limiting open port RST response from 223
>> to 200 packets per second*
>>
>> When I stop Squid, everything returns to normal. Any idea what is causing
>> this. I will appreciate any help.
>>
>> Thanks
>>
>> --
>> Alex Dehaini
>> Developer
>> Site - www.alexdehaini.com
>> Email - [hidden email]
>> _______________________________________________
>> [hidden email] mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-performance
>> To unsubscribe, send any mail to "
>> [hidden email]"
>>
>
>
>
> --
> the sun shines for all
>



--
Alex Dehaini
Developer
Site - www.alexdehaini.com
Email - [hidden email]
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Limiting open port RST response from 247 to 200 packets per second

Alex Dehaini
Any ideas

On Fri, Feb 6, 2009 at 3:24 PM, Alex Dehaini <[hidden email]> wrote:

> I increased net.inet.icmp.icmplim to 2000 but this does not make any
> change. Here is my output
>
> myserver# sysctl -a | grep net.inet.icmp.icmplim
> net.inet.icmp.icmplim: 2000
> net.inet.icmp.icmplim_output: 1
>
> After increasing inet.icmp.icmplim to 2000 and startign Squid, I don't get
> the errors below
>
> Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from 247
> to 200 packets per second
> Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from 247
> to 200 packets per second
> Feb  5 20:39:45 myserver /kernel: Limiting open port RST response from 239
> to 200 packets per second
>
> But traffic still drops.
>
> Alex
>
>
>
> On Fri, Feb 6, 2009 at 3:19 PM, István Szukács <[hidden email]> wrote:
>
>> Hi!
>>
>>
>> lix@test:~$sysctl -a | grep net.inet.icmp.icmplim
>> net.inet.icmp.icmplim: 200
>> net.inet.icmp.icmplim_output: 1
>>
>>
>> Regards,
>> Istvan
>>
>> On Fri, Feb 6, 2009 at 2:44 PM, Alex Dehaini <[hidden email]>wrote:
>>
>>> Hi Guys,
>>>
>>> I have some issues with Squid on Freebsd. I am running FreeBSD release
>>> 4.9
>>> and Squid version 2.5.
>>>
>>> I have setup FreeBSD as a bridge so that all traffic from my network can
>>> transparently pass through the FreeBSD server. I am running Squid on the
>>> same server and I created an ipfw rule to redirect port 80 to port 3128.
>>>
>>> Normally, when Squid is not started - we see traffic close to 30MB
>>> flowing
>>> through the server. Immediately I start squid, the traffic drops to half
>>> and
>>> sometimes lower and stays there. When this happens, I have a lot of
>>> clients
>>> that will call and complain they can't access the Internet. At the same
>>> time, I get these log messages
>>>
>>> *Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from
>>> 247
>>> to 200 packets per second
>>> Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from
>>> 247
>>> to 200 packets per second
>>> Feb  5 20:39:45 myserver /kernel: Limiting open port RST response from
>>> 239
>>> to 200 packets per second
>>> Feb  5 20:39:45 myserver /kernel: Limiting open port RST response from
>>> 239
>>> to 200 packets per second
>>> Feb  5 20:39:46 myserver /kernel: Limiting open port RST response from
>>> 273
>>> to 200 packets per second
>>> Feb  5 20:39:46 myserver /kernel: Limiting open port RST response from
>>> 273
>>> to 200 packets per second
>>> Feb  5 20:39:47 myserver /kernel: Limiting open port RST response from
>>> 228
>>> to 200 packets per second
>>> Feb  5 20:39:47 myserver /kernel: Limiting open port RST response from
>>> 228
>>> to 200 packets per second
>>> Feb  5 20:39:48 myserver /kernel: Limiting open port RST response from
>>> 225
>>> to 200 packets per second
>>> Feb  5 20:39:48 myserver /kernel: Limiting open port RST response from
>>> 225
>>> to 200 packets per second
>>> Feb  5 20:39:49 myserver /kernel: Limiting open port RST response from
>>> 244
>>> to 200 packets per second
>>> Feb  5 20:39:49 myserver /kernel: Limiting open port RST response from
>>> 244
>>> to 200 packets per second
>>> Feb  5 20:39:50 myserver /kernel: Limiting open port RST response from
>>> 259
>>> to 200 packets per second
>>> Feb  5 20:39:50 myserver /kernel: Limiting open port RST response from
>>> 259
>>> to 200 packets per second
>>> Feb  5 20:39:51 myserver /kernel: Limiting open port RST response from
>>> 234
>>> to 200 packets per second
>>> Feb  5 20:39:51 myserver /kernel: Limiting open port RST response from
>>> 234
>>> to 200 packets per second
>>> Feb  5 20:39:52 myserver /kernel: Limiting open port RST response from
>>> 243
>>> to 200 packets per second
>>> Feb  5 20:39:52 myserver /kernel: Limiting open port RST response from
>>> 243
>>> to 200 packets per second
>>> Feb  5 20:39:53 myserver /kernel: Limiting open port RST response from
>>> 218
>>> to 200 packets per second
>>> Feb  5 20:39:53 myserver /kernel: Limiting open port RST response from
>>> 218
>>> to 200 packets per second
>>> Feb  5 20:39:55 myserver /kernel: Limiting open port RST response from
>>> 233
>>> to 200 packets per second
>>> Feb  5 20:39:55 myserver /kernel: Limiting open port RST response from
>>> 233
>>> to 200 packets per second
>>> Feb  5 20:39:56 myserver /kernel: Limiting open port RST response from
>>> 241
>>> to 200 packets per second
>>> Feb  5 20:39:56 myserver /kernel: Limiting open port RST response from
>>> 241
>>> to 200 packets per second
>>> Feb  5 20:39:57 myserver /kernel: Limiting open port RST response from
>>> 220
>>> to 200 packets per second
>>> Feb  5 20:39:57 myserver /kernel: Limiting open port RST response from
>>> 220
>>> to 200 packets per second
>>> Feb  5 20:39:58 myserver /kernel: Limiting open port RST response from
>>> 206
>>> to 200 packets per second
>>> Feb  5 20:39:58 myserver /kernel: Limiting open port RST response from
>>> 206
>>> to 200 packets per second
>>> Feb  5 20:40:01 myserver /kernel: Limiting open port RST response from
>>> 223
>>> to 200 packets per second
>>> Feb  5 20:40:01 myserver /kernel: Limiting open port RST response from
>>> 223
>>> to 200 packets per second*
>>>
>>> When I stop Squid, everything returns to normal. Any idea what is causing
>>> this. I will appreciate any help.
>>>
>>> Thanks
>>>
>>> --
>>> Alex Dehaini
>>> Developer
>>> Site - www.alexdehaini.com
>>> Email - [hidden email]
>>> _______________________________________________
>>> [hidden email] mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-performance
>>> To unsubscribe, send any mail to "
>>> [hidden email]"
>>>
>>
>>
>>
>> --
>> the sun shines for all
>>
>
>
>
> --
> Alex Dehaini
> Developer
> Site - www.alexdehaini.com
> Email - [hidden email]
>



--
Alex Dehaini
Developer
Site - www.alexdehaini.com
Email - [hidden email]
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Limiting open port RST response from 247 to 200 packets per second

Maciej Suszko-3
Alex Dehaini <[hidden email]> wrote:
> Any ideas

Show us the output of `vmstat -z` - may be helpful.
--
regards, Maciej Suszko.

signature.asc (202 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Limiting open port RST response from 247 to 200 packets per second

Nikos Ntarmos
In reply to this post by Alex Dehaini
Alex,

Traffic from and to the bridge interface that speaks with the internet
dropping when you use a proxy server is quite normal. You did have an
issue with icmplim but you have that fixed now. Do your clients still
complain of problems with connectivity?

Cheers.

\n\n
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Limiting open port RST response from 247 to 200 packets per second

Alex Dehaini
In reply to this post by Maciej Suszko-3
Here is the output of 'vmstat -z' on my server

myserver# vmstat -z

ITEM            SIZE     LIMIT    USED    FREE  REQUESTS

PIPE:            160,        0,      6,     96,     5976
SWAPMETA:        160,   233016,      0,      0,        0
unpcb:           160,        0,      4,     46,     6460
ripcb:           192,    40000,      0,     42,       28
divcb:           192,    40000,      0,      0,        0
syncache:        160,    15359,      0,   1766,    10989
tcpcb:           576,    40000,      7,     92,     2115
udpcb:           192,    40000,      6,     36,     2158
socket:          192,    40000,     17,    111,    10762
DIRHASH:        1024,        0,    288,      4,      301
KNOTE:            64,        0,      0,    128,       24
NFSNODE:         352,        0,      0,      0,        0
NFSMOUNT:        544,        0,      0,      0,        0
VNODE:           192,        0,   2806,     56,     2806
NAMEI:          1024,        0,      0,     16,   261060
VMSPACE:         192,        0,     34,     94,     5671
PROC:            416,        0,     40,     58,     5678
DP fakepg:        64,        0,      0,      0,        0
PV ENTRY:         28,  3297134,  30022, 1002145,  4007245
MAP ENTRY:        48,        0,    753,    820,   278386
KMAP ENTRY:       48,    85223,    182,    202,    11578
MAP:             108,        0,      7,      3,        7
VM OBJECT:        92,        0,   1340,    412,   145002

I hope it helps

Alex


On Fri, Feb 6, 2009 at 6:36 PM, Maciej Suszko <[hidden email]> wrote:

> Alex Dehaini <[hidden email]> wrote:
> > Any ideas
>
> Show us the output of `vmstat -z` - may be helpful.
> --
> regards, Maciej Suszko.
>



--
Alex Dehaini
Developer
Site - www.alexdehaini.com
Email - [hidden email]
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Limiting open port RST response from 247 to 200 packets per second

Ivan Voras
In reply to this post by Alex Dehaini
Alex Dehaini wrote:

> Hi Guys,
>
> I have some issues with Squid on Freebsd. I am running FreeBSD release 4.9
> and Squid version 2.5.
>
> I have setup FreeBSD as a bridge so that all traffic from my network can
> transparently pass through the FreeBSD server. I am running Squid on the
> same server and I created an ipfw rule to redirect port 80 to port 3128.
>
> Normally, when Squid is not started - we see traffic close to 30MB flowing
> through the server. Immediately I start squid, the traffic drops to half and
> sometimes lower and stays there. When this happens, I have a lot of clients
> that will call and complain they can't access the Internet. At the same
> time, I get these log messages
>
> *Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from 247
> to 200 packets per second
> Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from 247
> to 200 packets per second

> When I stop Squid, everything returns to normal. Any idea what is causing
> this. I will appreciate any help.

RST response means a client has tried to connect to a TCP port and
didn't succeed. In your case, is squid actually doing anything? Are
there any traffic in your logs?

By increasing icmplim you only lifted the supression of the outgoing RST
packets, you didn't solve your problem.


signature.asc (266 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Limiting open port RST response from 247 to 200 packets per second

Alex Dehaini
In reply to this post by Alex Dehaini
Any help guys?

On Fri, Feb 6, 2009 at 8:45 PM, Alex Dehaini <[hidden email]> wrote:

> Here is the output of 'vmstat -z' on my server
>
> myserver# vmstat -z
>
> ITEM            SIZE     LIMIT    USED    FREE  REQUESTS
>
> PIPE:            160,        0,      6,     96,     5976
> SWAPMETA:        160,   233016,      0,      0,        0
> unpcb:           160,        0,      4,     46,     6460
> ripcb:           192,    40000,      0,     42,       28
> divcb:           192,    40000,      0,      0,        0
> syncache:        160,    15359,      0,   1766,    10989
> tcpcb:           576,    40000,      7,     92,     2115
> udpcb:           192,    40000,      6,     36,     2158
> socket:          192,    40000,     17,    111,    10762
> DIRHASH:        1024,        0,    288,      4,      301
> KNOTE:            64,        0,      0,    128,       24
> NFSNODE:         352,        0,      0,      0,        0
> NFSMOUNT:        544,        0,      0,      0,        0
> VNODE:           192,        0,   2806,     56,     2806
> NAMEI:          1024,        0,      0,     16,   261060
> VMSPACE:         192,        0,     34,     94,     5671
> PROC:            416,        0,     40,     58,     5678
> DP fakepg:        64,        0,      0,      0,        0
> PV ENTRY:         28,  3297134,  30022, 1002145,  4007245
> MAP ENTRY:        48,        0,    753,    820,   278386
> KMAP ENTRY:       48,    85223,    182,    202,    11578
> MAP:             108,        0,      7,      3,        7
> VM OBJECT:        92,        0,   1340,    412,   145002
>
> I hope it helps
>
> Alex
>
>
>
> On Fri, Feb 6, 2009 at 6:36 PM, Maciej Suszko <[hidden email]> wrote:
>
>> Alex Dehaini <[hidden email]> wrote:
>> > Any ideas
>>
>> Show us the output of `vmstat -z` - may be helpful.
>> --
>> regards, Maciej Suszko.
>>
>
>
>
> --
> Alex Dehaini
> Developer
> Site - www.alexdehaini.com
> Email - [hidden email]
>



--
Alex Dehaini
Developer
Site - www.alexdehaini.com
Email - [hidden email]
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Limiting open port RST response from 247 to 200 packets per second

Maciej Suszko-3
Alex Dehaini <[hidden email]> wrote:
> Any help guys?

It doesn't look suspicious to me. Watch your logs and while you get
those messages about limiting open port rst response, try to check
`netstat -na` output - maybe you'll find some ,,anomalies'', do it
several times, post the observation results. We'll see :)

> On Fri, Feb 6, 2009 at 8:45 PM, Alex Dehaini <[hidden email]>
> wrote:
>
> > Here is the output of 'vmstat -z' on my server
> >
> > myserver# vmstat -z
> >
> > ITEM            SIZE     LIMIT    USED    FREE  REQUESTS
> >
> > PIPE:            160,        0,      6,     96,     5976
> > SWAPMETA:        160,   233016,      0,      0,        0
> > unpcb:           160,        0,      4,     46,     6460
> > ripcb:           192,    40000,      0,     42,       28
> > divcb:           192,    40000,      0,      0,        0
> > syncache:        160,    15359,      0,   1766,    10989
> > tcpcb:           576,    40000,      7,     92,     2115
> > udpcb:           192,    40000,      6,     36,     2158
> > socket:          192,    40000,     17,    111,    10762
> > DIRHASH:        1024,        0,    288,      4,      301
> > KNOTE:            64,        0,      0,    128,       24
> > NFSNODE:         352,        0,      0,      0,        0
> > NFSMOUNT:        544,        0,      0,      0,        0
> > VNODE:           192,        0,   2806,     56,     2806
> > NAMEI:          1024,        0,      0,     16,   261060
> > VMSPACE:         192,        0,     34,     94,     5671
> > PROC:            416,        0,     40,     58,     5678
> > DP fakepg:        64,        0,      0,      0,        0
> > PV ENTRY:         28,  3297134,  30022, 1002145,  4007245
> > MAP ENTRY:        48,        0,    753,    820,   278386
> > KMAP ENTRY:       48,    85223,    182,    202,    11578
> > MAP:             108,        0,      7,      3,        7
> > VM OBJECT:        92,        0,   1340,    412,   145002
> >
> > I hope it helps
--
regards, Maciej Suszko.

signature.asc (202 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Limiting open port RST response from 247 to 200 packets per second

kama-4
In reply to this post by Alex Dehaini

Ehm, you have posted the exact same lines from the log... Until you find
new lines you are probably fine...

/Bjorn

On Fri, 6 Feb 2009, Alex Dehaini wrote:

> Any ideas
>
> On Fri, Feb 6, 2009 at 3:24 PM, Alex Dehaini <[hidden email]> wrote:
>
> > I increased net.inet.icmp.icmplim to 2000 but this does not make any
> > change. Here is my output
> >
> > myserver# sysctl -a | grep net.inet.icmp.icmplim
> > net.inet.icmp.icmplim: 2000
> > net.inet.icmp.icmplim_output: 1
> >
> > After increasing inet.icmp.icmplim to 2000 and startign Squid, I don't get
> > the errors below
> >
> > Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from 247
> > to 200 packets per second
> > Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from 247
> > to 200 packets per second
> > Feb  5 20:39:45 myserver /kernel: Limiting open port RST response from 239
> > to 200 packets per second
> >
> > But traffic still drops.
> >
> > Alex
> >
> >
> >
> > On Fri, Feb 6, 2009 at 3:19 PM, István Szukács <[hidden email]> wrote:
> >
> >> Hi!
> >>
> >>
> >> lix@test:~$sysctl -a | grep net.inet.icmp.icmplim
> >> net.inet.icmp.icmplim: 200
> >> net.inet.icmp.icmplim_output: 1
> >>
> >>
> >> Regards,
> >> Istvan
> >>
> >> On Fri, Feb 6, 2009 at 2:44 PM, Alex Dehaini <[hidden email]>wrote:
> >>
> >>> Hi Guys,
> >>>
> >>> I have some issues with Squid on Freebsd. I am running FreeBSD release
> >>> 4.9
> >>> and Squid version 2.5.
> >>>
> >>> I have setup FreeBSD as a bridge so that all traffic from my network can
> >>> transparently pass through the FreeBSD server. I am running Squid on the
> >>> same server and I created an ipfw rule to redirect port 80 to port 3128.
> >>>
> >>> Normally, when Squid is not started - we see traffic close to 30MB
> >>> flowing
> >>> through the server. Immediately I start squid, the traffic drops to half
> >>> and
> >>> sometimes lower and stays there. When this happens, I have a lot of
> >>> clients
> >>> that will call and complain they can't access the Internet. At the same
> >>> time, I get these log messages
> >>>
> >>> *Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from
> >>> 247
> >>> to 200 packets per second
> >>> Feb  5 20:39:44 myserver /kernel: Limiting open port RST response from
> >>> 247
> >>> to 200 packets per second
> >>> Feb  5 20:39:45 myserver /kernel: Limiting open port RST response from
> >>> 239
> >>> to 200 packets per second
> >>> Feb  5 20:39:45 myserver /kernel: Limiting open port RST response from
> >>> 239
> >>> to 200 packets per second
> >>> Feb  5 20:39:46 myserver /kernel: Limiting open port RST response from
> >>> 273
> >>> to 200 packets per second
> >>> Feb  5 20:39:46 myserver /kernel: Limiting open port RST response from
> >>> 273
> >>> to 200 packets per second
> >>> Feb  5 20:39:47 myserver /kernel: Limiting open port RST response from
> >>> 228
> >>> to 200 packets per second
> >>> Feb  5 20:39:47 myserver /kernel: Limiting open port RST response from
> >>> 228
> >>> to 200 packets per second
> >>> Feb  5 20:39:48 myserver /kernel: Limiting open port RST response from
> >>> 225
> >>> to 200 packets per second
> >>> Feb  5 20:39:48 myserver /kernel: Limiting open port RST response from
> >>> 225
> >>> to 200 packets per second
> >>> Feb  5 20:39:49 myserver /kernel: Limiting open port RST response from
> >>> 244
> >>> to 200 packets per second
> >>> Feb  5 20:39:49 myserver /kernel: Limiting open port RST response from
> >>> 244
> >>> to 200 packets per second
> >>> Feb  5 20:39:50 myserver /kernel: Limiting open port RST response from
> >>> 259
> >>> to 200 packets per second
> >>> Feb  5 20:39:50 myserver /kernel: Limiting open port RST response from
> >>> 259
> >>> to 200 packets per second
> >>> Feb  5 20:39:51 myserver /kernel: Limiting open port RST response from
> >>> 234
> >>> to 200 packets per second
> >>> Feb  5 20:39:51 myserver /kernel: Limiting open port RST response from
> >>> 234
> >>> to 200 packets per second
> >>> Feb  5 20:39:52 myserver /kernel: Limiting open port RST response from
> >>> 243
> >>> to 200 packets per second
> >>> Feb  5 20:39:52 myserver /kernel: Limiting open port RST response from
> >>> 243
> >>> to 200 packets per second
> >>> Feb  5 20:39:53 myserver /kernel: Limiting open port RST response from
> >>> 218
> >>> to 200 packets per second
> >>> Feb  5 20:39:53 myserver /kernel: Limiting open port RST response from
> >>> 218
> >>> to 200 packets per second
> >>> Feb  5 20:39:55 myserver /kernel: Limiting open port RST response from
> >>> 233
> >>> to 200 packets per second
> >>> Feb  5 20:39:55 myserver /kernel: Limiting open port RST response from
> >>> 233
> >>> to 200 packets per second
> >>> Feb  5 20:39:56 myserver /kernel: Limiting open port RST response from
> >>> 241
> >>> to 200 packets per second
> >>> Feb  5 20:39:56 myserver /kernel: Limiting open port RST response from
> >>> 241
> >>> to 200 packets per second
> >>> Feb  5 20:39:57 myserver /kernel: Limiting open port RST response from
> >>> 220
> >>> to 200 packets per second
> >>> Feb  5 20:39:57 myserver /kernel: Limiting open port RST response from
> >>> 220
> >>> to 200 packets per second
> >>> Feb  5 20:39:58 myserver /kernel: Limiting open port RST response from
> >>> 206
> >>> to 200 packets per second
> >>> Feb  5 20:39:58 myserver /kernel: Limiting open port RST response from
> >>> 206
> >>> to 200 packets per second
> >>> Feb  5 20:40:01 myserver /kernel: Limiting open port RST response from
> >>> 223
> >>> to 200 packets per second
> >>> Feb  5 20:40:01 myserver /kernel: Limiting open port RST response from
> >>> 223
> >>> to 200 packets per second*
> >>>
> >>> When I stop Squid, everything returns to normal. Any idea what is causing
> >>> this. I will appreciate any help.
> >>>
> >>> Thanks
> >>>
> >>> --
> >>> Alex Dehaini
> >>> Developer
> >>> Site - www.alexdehaini.com
> >>> Email - [hidden email]
> >>> _______________________________________________
> >>> [hidden email] mailing list
> >>> http://lists.freebsd.org/mailman/listinfo/freebsd-performance
> >>> To unsubscribe, send any mail to "
> >>> [hidden email]"
> >>>
> >>
> >>
> >>
> >> --
> >> the sun shines for all
> >>
> >
> >
> >
> > --
> > Alex Dehaini
> > Developer
> > Site - www.alexdehaini.com
> > Email - [hidden email]
> >
>
>
>
> --
> Alex Dehaini
> Developer
> Site - www.alexdehaini.com
> Email - [hidden email]
> _______________________________________________
> [hidden email] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-performance
> To unsubscribe, send any mail to "[hidden email]"
>
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "[hidden email]"