[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] hash kernel memory VS. system kernel memory

To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] hash kernel memory VS. system kernel memory
From: SEAN_TARBOX@phl.com
Date: Fri, 5 Nov 1999 10:42:59 -0500




Hi All,

SYMPTOM:
I just upgraded from fw-1 V3 to V4 SP3, and I am getting an occasional error on
my console: "FW-1: h_getvals: fw_kmalloc (3400000) failed". The firewall seems
to function pretty well, but occasionally, browser users have to 'reload' to get
a page to come up properly, and this seems to be new since I upgraded to V4. I'm
also rejecting an ocasional UDP replies that should not be rejected  - they
should be seen as response to a legal outbound UDP request, but fw-1 sees it as
a 'new' connection request.

CONFIGURATION:
I am running on a Sparc Solaris 2.6 with 128M of ram, and 300 M of swap space (I
will have a second machine load sharing soon). My /etc/system file has allocated
0x900000 (~9.4M) to the fw-1 hash kernel. I know that's high compared to most of
what I read on this list. The new 'fw ctl pstat' on version 4 shows the
following: (commas inserted for readibility)

Hash Kernel Memory(hmem):
     total=9,437,184
     used=2,123,704
     peak=2,170,468
     free=7,313,480
     0 allocation failures
System Kernel Memory(kmem):
     total=128,000,000
     used=9,900,000
     peak=13,000,000
     free=3,500,000
     4 allocation failures

fw tab -u -t connections | wc -l shows me I have between 2500 and 5000
connections.

QUESTIONS:
Does anyone know if there is a 'set fw:fwkmem' command one needs to put in the
/etc/system, similar to the 'set fw:fwhmem' command that could alleviate this
problem, or does the 'system' just get what's  left over from the 'hash'?
I see that the total 'system memory' is 128M, its not taking into account my
swap space - is this normal, or have I somehow misconfigured my swap?
Do I simply need more RAM on the system?
It looks like I'm underutilizing the hash memory, does it seem possible I have
overallocated 9M to the hash, and its starving the system, and should I maybe
try reducing the hash?
Any other ideas?

Thanks for the input!

Sean Tarbox




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] IP forwarding on NT
Next by Date: [FW1] Pings in log file
Prev by thread: Re: [FW1] E-Mail Addresses
Next by thread: Re: [FW1] hash kernel memory VS. system kernel memory
Index(es):
- Date
- Thread