Hi Michel,
Michel Santos wrote:
> Tek Bahadur Limbu said in the last message:
>>> what size is your link?
>> For each proxy, the link is burstable up to 15 mbps. But they are
>> grouped together in different groups. We have 6 groups. Each group has
>> bandwidth ranging from 5 mbps to 20 mbps. However since our link comes via
>> satellite, the proxies start building a large number of mbufs especially
>> when our uplink gets saturated. Since it's a satellite link, bandwidth is
>> never enough no matter how big we are subscribing. We still have some time
>> to go (maybe months, or years) before we get it from a fiber link.
>>
>>> Sure this is not related to your crash and to your link either but
>>> somaxconn is the queue size of pending connections and not the number of
>>> connections and you are probably setting this far too high. somaxconn as
>>> 1024 or max 2048 would be more reasonable and nmbcluster I would not set
>>> higher than 128 or 256k
>>>
>>> if you eat that up you have other troubles and increasing these values
>>> does not solve them I guess
>> Well I am using nmbcluster = 256000 on some of my FreeBSD-6.2 machines
>> because they don't support setting the nmbcluster to 0. Well let me try
>> setting somaxconn to 2048.
>
> I like to suggest again starting a clean system like said in a former msg
> and observe and then check value for value instead of mixing it all up at
> once
>
Well that will not be possible right now or at one go. Just because 1 or
2 of my busiest proxy servers are feeling the heat or running short of
memory causing it to restart, I just can't revamp the whole proxy setup
comprising the browsing and caching system. Too many users are connected
to them and will be affected. However, I will definitely try it out one
at a time in a span of a few months.
Also, it is not really causing much of a problem. I mean nobody has
noticed it except me. Even I myself hardly notice it unless I glance at
the graphs. I will just try to adjust the best possible values and
sysctl tunables or just compile the kernel.
I think the best solution right now is to upgrade the memory of the
proxy servers.
>
>
>> - From my observation in recent months, the mbufs value has not crossed
>> 120K. I will probably use 128K or 256K. I read an article regarding
>> setting somaxconn=32768 to help stop SYN flooding.
>>
>> http://silverwraith.com/papers/freebsd-ddos.php
>
>
> Who am I to understand miracles? Without saying anything else, I suggest you
> compare the man page or tuning what describes somaxconn and what the
> author claims it is and figure out about the other statements ...
Well I was just saying that I set the value of the somaxconn after
reading the above article and needed your opinion if I was doing it right.
>
>
>> In your opinion, what's wrong with setting nmbcluster to 0 since, in
>> this way, I never run out of mbufs?
>
>
> sorry if came over a wrong impression that I want to lecture or something,
> I am not saying it is wrong (how would I know?), I am only changing ideas
> here ok and am saying that I would do it different and what is my opinion
>
I am also just sharing and exchanging ideas with you since your proxy
servers are running on FreeBSD systems and you seem quite good and
familiar with BSD systems.
After all, a server is never perfect like a man. It always needs
maintenance, care and tuning. Don't you think so?
Anyway, it's always good to learn what other people have to say and if
right, apply their suggestions and tips. Your suggestions have given me
new directions and have also shed light not only in Squid but also
FreeBSD in general too.
I appreciate your help and comments.
Thanking you...
>
> michel
> ...
>
> ****************************************************
> Datacenter Matik http://datacenter.matik.com.br
> E-Mail and Data Hosting Service for Professionals.
> ****************************************************
>
--
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://www.wlink.com.np

Received on Mon Aug 13 2007 - 12:32:38 MDT