SOLVED — Heavy VPN99 usage, dropping packets

Home Page Forums Network Management Networking SOLVED — Heavy VPN99 usage, dropping packets

This topic contains 1 reply, has 0 voices, and was last updated by  tls 5 years, 4 months ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #43876

    tls
    Member

    I am posting this simple fix to a nagging issue I have had on my ZS deployments.

    I have about a 40 users using clients to connect to ZS and post code into a SVN/GIT repository, and then use the same to deploy large builds out to our servers. Every now and then, the system would just drop packets like crazy with no errors in the logs on either side. I could confirm this by running a

     ping -s 4000 ipInside

    and watching it drop for several 10s of seconds then start up again.

    It was evident I was running out of some network resource, but which one?

    It turn out the txqueuelen was running out as the default is 100, and when under heavy use I was seeing some 500 connections to VPN99 active at one time. I determined this by looking at the GRAPHICS link on the landing page for ZS.

    To fix the issue I simply added the following statement to the command line for VPN99:

    --txqueuelen 2000 

    2000 is overkill, but I never wanted to run out again and I have lots of memory.

    I am going to ask Fulvio to make a change to the default VPN99 and other VPN definition because I think it would solve the same type of issue for others, the default for my eth0 is 1000, so the value of 100 (linux default) is clearly to small for me. I will let other determine what a better default would be for VPN99 and others — 2000 takes up about 1MB of memory, something I can live with.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.