lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d20c3b7d0705032048l8c10d11i98a13881b1c8b3f3@mail.gmail.com>
Date:	Fri, 4 May 2007 05:48:18 +0200
From:	"Øyvind Vågen Jægtnes" <lorrides@...il.com>
To:	"Willy Tarreau" <w@....eu>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: Routing 600+ vlan's via linux problems (looks like arp problems)

Hi again :)

On 5/4/07, Willy Tarreau <w@....eu> wrote:
> On Thu, May 03, 2007 at 11:12:09PM +0200, Øyvind Vågen Jægtnes wrote:
> > On 5/3/07, Jan Engelhardt <jengelh@...ux01.gwdg.de> wrote:
> > >
> > >On May 3 2007 22:53, Willy Tarreau wrote:
> > >>> For the rest all we see in the arp cache is (incomplete)
> > >>
> > >>I suspect that your arp cache is full (128 entries by default).
> > >>Check /proc/sys/net/ipv4/neigh/gc_thresh1 (128 for me). You can
> > >>set it as high as gc_thresh2 (512 for me), and I don't know what
> > >>happens above.
> > >
> > >Above, you will perhaps need the not-so-elegant userspace arpd :-/
> >
> > Yes, i was suspecting that the arp cache got full, but i will try
> > increasing it :)
> > Would there be any huge bugs if i change these lines in arp.c:
> >
> >        .gc_thresh1 =   128,
> >        .gc_thresh2 =   512,
> >
> > to
> >
> >        .gc_thresh1 =   700,
> >        .gc_thresh2 =   700,
> >
> > under the definition for struct arp_tbl?
>
> I don't think it could cause a problem, but network people will surely
> correct me if I'm wrong.

System is up and running perfectly now, it is routing everything at
about 200 mbps now with only 5% load avg with the above changes to
arp.c

So the real question now is, why is this number so low by default?
It would probably be much better if this could be handled dynamically
in the kernel.

> > This setup will only run for about 1-2 hours while we fix the hardware
> > router (it is running now, but only on a backup flash card solution.
> > the harddrive in it died ;)
>
> Huhhh! Please tell us exactly what make and model of ROUTER you are using
> which embeds a HARD DRIVE, so that we recall never to buy that ! Having
> seen uptimes of 5 years on moderately big access routers, I would have
> find it awful to see them die multiple times in that timeframe because
> of a crappy IDE drive inside !

Its a Juniper M7i
It comes default with a 5400 rpm laptop 2.5" harddrive but now we
bought a more robust "server" 2.5" harddrive. It still barfs on the OS
install, so the linux is doing all the job now. Will get a juniper guy
to come and fix :)

As a side note, i'm starting to wonder if it was worth the $20k when i
could just have a linux machine to do the job with a clone for backup
;)

regards
Øyvind Vågen Jægtnes
+47 96 22 03 08
lorrides@...il.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ