netdev
[Top] [All Lists]

Re: dst cache overflow on 2.2.16 kernel.

To: jamal <hadi@xxxxxxxxxx>
Subject: Re: dst cache overflow on 2.2.16 kernel.
From: Yann Dupont <Yann.Dupont@xxxxxxxxxxxxxxxxxxx>
Date: 24 Jul 2001 10:46:23 +0200
Cc: Andi Kleen <ak@xxxxxx>, Yann Dupont <Yann.Dupont@xxxxxxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <Pine.GSO.4.30.0107230723460.5209-100000@shell.cyberus.ca>
References: <Pine.GSO.4.30.0107230723460.5209-100000@shell.cyberus.ca>
Sender: owner-netdev@xxxxxxxxxxx
On 23 Jul 2001 07:26:08 -0400, jamal wrote:
> 

Thanks to all for all the advices.

> He might be having problems with route table not getting enough nh entries
> because of small neigh tables.
> 
> obviously FW1 is doing something weird:
> Yann, try to increment the sizes of the arp tables, example:
> 
> echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
> echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
> echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
> 

I'd like to understand the meaning of gc_thresh1,2,3 ...

gc_thresh is something like garbage collection threshold ? So what's the
meaning of 1,2,3 ?

> Or use higher values if you want
> 

For the moment, the increase of /proc/sys/net/ipv4/route/max_size and 
/proc/sys/net/ipv4/route/gc_thresh      

seems to work OK. But as we're on holiday now, there's not lot of
students to stress the firewall.Anyway, strictly speaking of the kernel
; What's annoying me is that I don't really uderstand the meanings of
the values I manipulate ; I'm not sure those modifications are of any
help. 

route --cache show a really important number of entries - 95% of those
entries show a same destination network - IN fact, a lot of subnets of a
class C network.

Is there any other command that can show me the values/saturation of the
netkork tables ?

This leads me to believe there's something broken in the firewall
configuration.(and I can't do anything for that)

Anyway, the 3rd party who installed the firewall saw the checkpoint
module is not up to date ... So now I just have to wait them for an
action...


> cheers,

Thanks again...

Yann Dupont.

--
\|/ ____ \|/ Fac. des sciences de Nantes-Linux-Python-IPv6-ATM-BONOM....
"@'/ ,. \@"  Tel :(+33) [0]251125865 [0]251125868(Fax)
/_| \__/ |_\ Yann.Dupont@xxxxxxxxxxxxxxxxxxxxxxx
   \__U_/    http://www.unantes.univ-nantes.fr/~dupont


<Prev in Thread] Current Thread [Next in Thread>