[j-nsp] 512MB ought to be enough for anybody
Richard A Steenbergen
ras at e-gerbil.net
Tue Mar 9 16:32:27 EST 2010
Ok so, I'm currently beating my head against the inpenetrable wall of
anti-clue that is JTAC (yes I know what you're asking, when am I not?
:P), and I've apparently reached a point of impasse where I need to
solicit some external assistance to help get the point across.
The other day we discovered a neat little issue on the EX8200 (all
available code), there is a hard coded resource limit being set by RPD
(not even in the usual places like login.conf class settings that you
can hack around) that limits the size of the data segment to 512MB. When
you try to exceed that limit, rpd coredumps like so:
Process (55002,rpd) attempted to exceed RLIMIT_DATA: attempted 524412 KB Max 524288 KB
pid 55002 (rpd), uid 0: exited on signal 6 (core dumped)
Now, while sane and rational people might see this as a pretty big
problem, Juniper actually believes that this is working as designed and
a perfectly good thing. Here is the response I got back from Advanced
JTAC:
> As per my communication with the engineering, the current limitation
> of the memory allocation for "RPD" process is sufficient enough handle
> 500k+ routes in EX switch, so theoretically we should not see any
> memory usage issue here. But, there could be other issues such memory
> leak etc. which can cause process to hog more memory. It is important
> to analyze core dump of "rpd" so that we can look into root cause of
> the issue.
I of course tried to explain the concept of multiple paths learned from
multiple neighbors in the RIB vs the routes exported to the FIB, and
that my 512MB of rpd utilization was perfectly normal considering the
number of BGP paths we had (which for us is actually pretty darn small,
most of our MX960 routers are doing closer to 1GB in rpd):
Groups: 15 Peers: 14 Down peers: 1
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 933817 332257 0 0 0 0
inetflow.0 50 25 0 0 0 0
inet6.0 4774 2545 0 0 0 0
But they've flatly refused to believe me that this is normal and that a
512MB cap is very very broken, and continue to try and "find the source
of the memory leak". That I'm still having this argument with them, and
that EX engineering doesn't understand 512MB doesn't support that many
paths, frankly boggles the mind.
I sortof understand why they think they need to cap the memory usage of
rpd. One of the problems with the EX platform is that they don't ship
any real storage on the RE, for example this 8208 RE has only 2GB TOTAL,
with very little free space:
Filesystem Size Used Avail Capacity Mounted on
/dev/da0s1a 366M 123M 214M 37% /
/dev/da0s1f 244M 20M 205M 9% /var
/dev/da0s3d 630M 612K 579M 0% /var/tmp
/dev/da0s3e 111M 1.8M 100M 2% /config
How they plan to handle writing 2GB dumps to disk when the kernel panics
is beyond me, this available space (after I removed EVERYTHING possible)
wasn't even enough for me to untar the rpd coredump and gdb it locally.
But the other consequence to no real storage is no swap, so when the
router does run out of memory things are going to go south in a hurry.
That said, at the point rpd is crashing there is almost 1GB of ram left
in the free state, so clearly 512MB is far too low of a limit for
practical use. The problem itself is bad enough, but the bigger problem
here is that these guys really don't seem to understand why this is a
bad thing.
So, can somebody at Juniper please go break the glass on the emergency
cluebat, go find the EX guys, and beat them upside the head with it
until they get detached retinas? Pretty please? :)
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the juniper-nsp
mailing list