Dst cache overflow with FC2 and FC3

Kimmo Koivisto kimmo.koivisto at surfeu.fi
Thu Jan 13 18:59:59 UTC 2005 

On Thursday 13 January 2005 18:20, Deron Meranda wrote:
> Hmm.  I now think that your dst cache overflows are related to routing
> tables and not connection tracking.

Okay. Is there anything that I could flush reguraly or  I should watch out in 
order to prevent overflow? Do you know any good site where could be more 
information about the dst cache and howto control it?
>
> In particular, what's,
>   # cat /proc/sys/net/ipv4/route/max_size
>   # grep  dst_cache  /proc/slabinfo
>
# cat /proc/sys/net/ipv4/route/max_size
16384

# grep  dst_cache  /proc/slabinfo
ip6_dst_cache         13     15    256   15    1 : tunables  120   60    0 : 
slabdata      1      1      0
xfrm_dst_cache         0      0    256   15    1 : tunables  120   60    0 : 
slabdata      0      0      0
ip_dst_cache        2160   2910    256   15    1 : tunables  120   60    0 : 
slabdata    194    194      0

> Also, are you using IPv6 as well as IPv4?
IPv6 modules are loaded but I'm only using IPv4.

> What's your routing situation, do you have lots of dynamic routes, or other
> complex setups?  What about dynamic interfaces (e.g., PPP) that are
> always being brought up and down?

Dynamic routing is not used but there are 25 static routes. I have one 
additional table for simple policy routing which I set up as follows:

#ip rule add from 172.27.151.138 to 10.100.130.182 table kimmo
#ip route add default via 10.31.175.29 dev eth5 table kimmo
#ip route flush cache

PPP or other types of dynamic interfaces are not used. Firewall has six 
interfaces, four of them are used.
>
> Also try,
>
>   # ip route list table all
>

Here is the output, I have replaced my IP-addresses with fake ones:
<output>

# ip route list table all
default via 10.31.175.29 dev eth0  table kimmo
10.31.175.28/30 dev eth0  proto kernel  scope link  src 10.31.175.30
172.27.151.152/29 via 10.9.10.10 dev eth3
172.27.151.128/29 dev eth1  proto kernel  scope link  src 172.27.151.129
172.27.151.136/29 dev eth2  proto kernel  scope link  src 172.27.151.137
172.27.151.192/28 via 10.9.10.10 dev eth3
172.27.151.176/28 via 10.9.10.10 dev eth3
172.27.151.160/28 via 10.9.10.10 dev eth3
172.27.151.0/25 via 10.9.10.10 dev eth3
172.27.152.0/25 via 10.9.10.10 dev eth3
192.168.100.0/24 via 172.27.151.138 dev eth2
192.168.7.0/24 via 10.9.10.10 dev eth3
192.168.101.0/24 via 172.27.151.139 dev eth2
192.168.3.0/24 via 10.9.10.10 dev eth3
192.0.8.0/24 via 10.9.10.10 dev eth3
10.9.10.0/24 dev eth3  proto kernel  scope link  src 10.9.10.9
192.0.9.0/24 via 10.9.10.10 dev eth3
192.168.17.0/24 via 10.9.10.10 dev eth3
192.168.15.0/24 via 10.9.10.10 dev eth3
192.168.13.0/24 via 10.9.10.10 dev eth3
192.0.6.0/24 via 10.9.10.10 dev eth3
172.22.12.0/24 via 10.9.10.10 dev eth3
172.22.11.0/24 via 10.9.10.10 dev eth3
192.168.10.0/24 via 10.9.10.10 dev eth3
192.0.1.0/24 via 10.9.10.10 dev eth3
10.10.10.0/23 via 10.9.10.10 dev eth3
169.254.0.0/16 dev eth3  scope link
default via 10.31.175.29 dev eth0
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 
127.0.0.1
broadcast 172.27.151.128 dev eth1  table local  proto kernel  scope link  src 
172.27.151.129
local 172.27.151.129 dev eth1  table local  proto kernel  scope host  src 
172.27.151.129
broadcast 10.9.10.0 dev eth3  table local  proto kernel  scope link  src 
10.9.10.9
broadcast 172.27.151.135 dev eth1  table local  proto kernel  scope link  src 
172.27.151.129
broadcast 10.31.175.28 dev eth0  table local  proto kernel  scope link  src 
10.31.175.30
broadcast 10.31.175.31 dev eth0  table local  proto kernel  scope link  src 
10.31.175.30
local 10.31.175.30 dev eth0  table local  proto kernel  scope host  src 
10.31.175.30
broadcast 172.27.151.136 dev eth2  table local  proto kernel  scope link  src 
172.27.151.137
local 172.27.151.137 dev eth2  table local  proto kernel  scope host  src 
172.27.151.137
local 10.9.10.9 dev eth3  table local  proto kernel  scope host  src 10.9.10.9
broadcast 10.9.10.255 dev eth3  table local  proto kernel  scope link  src 
10.9.10.9
broadcast 172.27.151.143 dev eth2  table local  proto kernel  scope link  src 
172.27.151.137
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 
127.0.0.1
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1
local ::1 via :: dev lo  proto none  metric 0  mtu 16436 advmss 16376 metric10 
64
local fe80::204:23ff:feab:140c via :: dev lo  proto none  metric 0  mtu 16436 
advmss 16376 metric10 64
local fe80::204:23ff:feab:140d via :: dev lo  proto none  metric 0  mtu 16436 
advmss 16376 metric10 64
local fe80::204:23ff:feab:140e via :: dev lo  proto none  metric 0  mtu 16436 
advmss 16376 metric10 64
local fe80::211:43ff:fecd:249c via :: dev lo  proto none  metric 0  mtu 16436 
advmss 16376 metric10 64
fe80::/64 dev eth0  metric 256  mtu 1500 advmss 1440 metric10 64
fe80::/64 dev eth1  metric 256  mtu 1500 advmss 1440 metric10 64
fe80::/64 dev eth2  metric 256  mtu 1500 advmss 1440 metric10 64
fe80::/64 dev eth3  metric 256  mtu 1500 advmss 1440 metric10 64
ff00::/8 dev eth0  metric 256  mtu 1500 advmss 1440 metric10 1
ff00::/8 dev eth1  metric 256  mtu 1500 advmss 1440 metric10 1
ff00::/8 dev eth2  metric 256  mtu 1500 advmss 1440 metric10 1
ff00::/8 dev eth3  metric 256  mtu 1500 advmss 1440 metric10 1
unreachable default dev lo  proto none  metric -1  error -101 metric10 255
</output>

> And, have you since updated your kernel to 2.6.9-1.724_FC3, and are you
> still experiencing the overflow?

I have update to the kernel-2.6.10-1.737_FC3 but not yet rebooted with it. I 
have script that tracks down dst cache overflow errors and reboots if errors 
are found, after next reboot I have 2.6.10. Last error was two days ago, so 
it might take week or two to reboot :)

Regards
Kimmo Koivisto

More information about the fedora-list mailing list