Q: How many Users do you serve w. your OES11-Infrastructure?

Reason for this - at first glance - stupid- question is the following:
We migrated (or Novell forced us to) from our low power (two HL DL360 G3 and 2 DL360 g4 one G5) 6.5 Cluster to a very juicy (6xDL360 G8, tons of proccessors) OES 11 cluster. We serve
approx. 1600 - 1700 Clients. Today everything stopped some of the Cluster Nodes didn't respond. This never happend in our old Cluster!
The reason was or IS by "Enterprise" Design:
DMESG: ipv4: Neighbour table overflow. !!!! Are we the only ones in the (small Novell) World who serves more than 1000 Clients???? WHY is there a limitation in the IP Cluster stack???
Did one EVER tested that. Should we better migrate to M$???
ip neigh show | wc -l --> shows 1021 entrys
sysctl net.ipv4.neigh.default.gc_thresh3
net.ipv4.neigh.default.gc_thresh3 = 1024
Means one cluster Node can handle 1024 connections. What if on one Node runs the DNS server? Only 1020 of 1600 Clients get an answer! Cool enterprise solution boys!
VERY angry!

On 03/25/2014 04:56 AM, jottschi wrote:
>
> Reason for this - at first glance - stupid- question is the following:
> We migrated (or Novell forced us to) from our low power (two HL DL360 G3
> and 2 DL360 g4 one G5) 6.5 Cluster to a very juicy (6xDL360 G8, tons of
> proccessors) OES 11 cluster. We serve
> approx. 1600 - 1700 Clients. Today everything stopped some of the
> Cluster Nodes didn't respond. This never happend in our old Cluster!
> The reason was or IS by "Enterprise" Design:
> DMESG: ipv4: Neighbour table overflow. !!!! Are we the only ones in the
> (small Novell) World who serves more than 1000 Clients???? WHY is there
> a limitation in the IP Cluster stack???
I'm sorry to hear about the lack of availability of the cluster nodes. I
am sure it is frustrating to have a system configured to be
highly-reliable (via clustering) to fail due to default settings. With
that said, this is a default Linux setting, and you're welcome to change it.
> Did one EVER tested that. Should we better migrate to M$???
I do not understand what you're asking.... did anybody test this on large
broadcast domains?
> ip neigh show | wc -l --> shows 1021 entrys
Wow, well that's quite a few. I think this number indicates something you
do not realize, though. While something like 'ss' or 'netstat' will tell
you how many layer three (IP) or four (TCP/UDP) connections your system
has, that number is not reflected by 'ip neigh', so usually the number of
clients your system has is limited in the list of neighbors by quite a
bit. For example, if I make a connection on my laptop (openSUSE, but same
default for my neighboring table) to Google, I can see that I have a fair
number of network connections total as shown:
Code:
me@mybox:~/Desktop> /usr/sbin/ss -planeto | grep -c ESTAB
61
but that's only tangentially related to the number of neighbors my laptop
sees:
Code:
me@mybox:~/Desktop> ip neigh
192.168.1.20 dev eth0 lladdr 00:1d:09:03:54:02 STALE
192.168.1.254 dev eth0 lladdr 00:1e:2a:74:66:35 STALE
192.168.1.1 dev eth0 lladdr f8:8f:ca:40:7a:1c REACHABLE
192.168.255.50 dev br8 lladdr ac:d3:58:ae:8e:ac STALE
How can that be? I have at least eight connections to unique remote
machines, so shouldn't I have at least eight listings in 'ip neigh'
output? The answer, of course, is 'no' because what you see from 'ip
neigh' are the cached addresses found via ARP, and ARP only matters within
the current broadcast domain, meaning on your local network before you hit
any routers. Even though I'm connected out to eight machines, all my
local routing table needs to care about (despite being VPN'd to a few
places and therefore having a few extra networks considered semi-local)
are the server, router, another router, and printer. Also, this number,
as you can see above, has entries become stale pretty quickly. I think
that time period is, again by default, something like thirty seconds,
since there is no guarantee from one second to the next that a given
server, workstation, or other node on the local network will still be
there. After something is stale the system just uses ARP again to see
what's still out there.
> sysctl net.ipv4.neigh.default.gc_thresh3
> net.ipv4.neigh.default.gc_thresh3 = 1024
Yes, this is a default for the Linux kernel in general. You're welcome to
tune it using sysctl, or probably via Yast so that it is stored to be used
after rebooting (and for the nice simple UI, if you're into that kind of
thing).
> Means one cluster Node can handle 1024 connections. What if on one Node
> runs the DNS server? Only 1020 of 1600 Clients get an answer! Cool
> enterprise solution boys!
No, it means that a given box, by default, can handle 1024 connections
from the local network. A typical Class C network, for example, only has
254 possible nodes, so only 253 connections. I've seen enterprises do
some supernetting to get things like 1022 nodes possible in a network, and
sometimes even fill that, but that's it. I have been on networks that had
addresses handed out from a Class B-like range (172.16.x.x) or even a
class A range (10.x.x.x) but those networks never had 65k or 10M boxes on
them because when you get too far beyond a thousand nodes you typically
suffer a bit of slowness. In your case you not only have more than 1024
nodes, but all of them are talking to the same server at the same time on
that same network.
Can Linux handle more? Sure, you're dealing with the same OS that runs
most supercomputers in the world, many of them being large clusters of
computers all working together in a single network, so obviously the
potential is there; however, there are reasons that one does not allow the
kernel to chew up all memory for a setting like "how many neighbors do you
have cached right now" when, for 99.9999% of the world, that max number
is around 200 since this specifically deals with neighbors on the same
segment or broadcast domain, not neighbors meaning anything reachable via
IP. Doing otherwise, for example setting it to 1,000,000, means that
somebody who was clever could more-easily waste your system's memory via a
denial of service (DoS) attack by flooding the network with bogus ARP
entries. Every one takes some memory, and every one needs to be managed
by the kernel until it is expired and removed, and again those networks
needing more than 1024 to be remembered within any single thirty-second
period are pretty rare. Your network must be pretty awesome to handle
that number of concurrent systems in the same logical network without
degradation.
Regarding running a DNS server, that is a good possibility as a service
that would experience this problem assuming all of the clients were on the
same network as the DNS server itself. While possible, the number of
networks where I've seen that has been pretty small overall since usually
those machines (servers) end up in a DMZ somewhere to prevent
unauthorized, or at least unaudited, access.
> VERY angry!
You're right in that this limitation should be documented, and made quite
obvious wherever it is documented. The migration guide would make sense,
as that would be a place where a lot of assumptions about defaults would
be questioned due to the OS change. If you have a specific page in the
documentation where you read through and expected limitations to be called
out, please either submit feedback, perhaps linking to this thread to
provide the background that you experienced, or post a link here an I'll
do the same.
If there are any other defaults that you feel should be changed,
particularly for your environment, sharing those may help as well.
In the meantime, you can change your current settings by running the
following as 'root' if you have not done so already:
Code:
cp /etc/sysctl.conf /etc/sysctl.conf-`date +%s`
cat << EOM >> /etc/sysctl.conf
# Setup higher threshold for arp
net.ipv4.neigh.default.gc_thresh3 = 4096
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh1 = 1024
EOM
To apply the changes either run 'sysctl -p' (from memory I think that's
the right command) or else reboot the node, then perform again on other nodes.
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

Similar Messages

  • How many devices can you use for your itunes account?

    how many devices can you use for your itunes account?

    PT wrote:
    Macistotle wrote:
    Unless you have DRM still haunting your tunes ... Then you can only use those songs on 5 devices. Otherwise, connect as many as you like (as stated above).
    No, you can sync your DRM tracks to an unlimited number of iPods (but only authorized to play on 5 different computers/user accounts)
    Patrick
    So I can sync two iPods to my iTunes account and sync the same digital copy movies that come with some o' my DVDs to both ipods? Do movies make a difference really, DRM-Wise? Thanks in advance.

  • How many users can you have on one account ?

    Hi,
    I have just created a ID with Adobe Reader for a group to use files stored in cloud. I would like to know how many users can access the account at one time via, mobile devices, ipad, desktops ?

    I don't know if there is a limit; you do mean the free https://cloud.acrobat.com/ ?
    I will move your post to the Acrobat.com forum, where someone hopefully can give you a definitive answer.

  • How many users do you have using Busines Objects Enterprise?

    Post Author: hcso
    CA Forum: Deployment
    How many people did you first roll it out to and was it a difficult process?  I'm guessing there was training and documentation made available?
    Using:
    Business Objects Enterprise Release 2 SP2
    SQL Server 2000 Data Mart
    IIS
    .NET framework installed
    Crystal Reports XI R2
    Active Directory authentication
    Windows Server 2003 virtual machine
    Service Pack 2
    Intel 3 GHz
    1.02 GB RAM
    15 G hard drive
    Thank you!

    The sparsebundle will expand in size as required.. there is not set size.. when the hard disk is full then each TM should start deleting old backups. If you want to set a size for each backup then you will need to create a disk image.. but really TM can be left to look after this itself.
    http://pondini.org/TM/33.html

  • How many song can you put on your ipod with 16 gb

    how many song can you put on a 16 gb ipod

    With overhead for the software, the 16GB Nano has 14.88GB useable. I have 1,968 songs on mine, using 9.5GB, leaving 5.4 free. Assuming that all 1,968 songs are approximately the same length and size (which of course they aren't ), that would leave me room for ~1,118 more songs for a total of 3,086 songs.

  • How many users one EJB server can handle?

    How many concurrent users can be served by one EJB server? After which point claster of servers should be created?
    I know that it depends on application, but can someone estimate some rough average?
    Real numbers from working application are very welcome.

    Specify the application server name, people would help if you tell the app server name.

  • How many times can you incorrectly enter your passcode before it is disabled?

    My son forget the passcode to his phone after not having it for some time, he doesn't want to permanently disable his phone. How many attempts does he have before he has to connect it to itunes and restore his phone?

    From my experience, if you try to enter wrong password continuously for 5 times, it gets temporarily disabled for a minute. You can try again after a minute or so...

  • How many devices can you have to your itunes library

    How many devices ( Iphone,Ipod, etc) can you have to your itunes account?

    As many as you wish.

  • How many users do you have?

    Hi
    Looking at VC3 with Extensis Portfolio 8.5 & Foldersync solution for file management in a studio with 60 CS2 users.
    Any suggestions or advice on following:-
    - Max number of users
    - Number of servers (whether can distribute load)
    - Compatibility issues with CS2 client and VC3 server
    - Use with an XSAN storage system
    I thank you in advance.
    Regards
    C.

    16-18 depending on who's home.

  • How many users can you have on time capsule

    How do I configure Time capsule so that I can use 2 macbook to safty copy (Time machine). Hans

    The sparsebundle will expand in size as required.. there is not set size.. when the hard disk is full then each TM should start deleting old backups. If you want to set a size for each backup then you will need to create a disk image.. but really TM can be left to look after this itself.
    http://pondini.org/TM/33.html

  • How many times can you type in your password on the restrictions

    I need help

    You can install a trial once on the same computer. After the trial period ends, you'll need a serial number (in other words, a purchased product) to continue using it on the same computer.

  • How many device can you have on your timecapsule

    I have multiple device on my wireles network and it seems i have hit a limit. If I put a 9th device on the network, one of the other devices seem to get kicked off or cannot establilsh connection.
    Is there a limit to the number of devices using a timecapsule?

    If I put a 9th device on the network, one of the other devices seem to get kicked off or cannot establilsh connection.
    The 50 limit Bob refers to is the theory .. the practice is 10.. but it still should not boot a device off.
    Reset the TC and use SMB compatible names.. different for 5ghz. Short.. no spaces. pure alphanumeric.
    Use wpa2 personal with 8-12 character passkey .. again pure alphanumeric.
    Move as much as you can to use 5ghz.. that reduces the load on the 2.4ghz side.
    If you still have issues, lock the wireless channels, for 2.4ghz there are only 3 non-overlapping, 1, 6, 11.. try each in turn.
    Come back and tell us if you still get the same effect.. also is it one particular device that knocks others off.. or any new device.
    You should check you have enough IP addresses with the dhcp pool and reduce the lease time to 20min.

  • How many accounts should you have on your system?

    It might sound stupid but I have had my iBook for like 5 years and have always only had one account. This is an admin account that I called my name (not admin) with a completly different short name. I have searched these discussions and have not yet found the answer to my question. Since I am awaiting my new MacBook which is currently on the west coast (thanks FedEx tracking), I want to be completely prepared when it arrives. Having said that, is there a problem with having only one account on my iBook now that will effect the migration of my info to the new MacBook? And if so, what should I do about it? Thankx in advance for your help
    iBook   Mac OS X (10.4.7)   Waiting for my new MacBook

    Can you explain this to me:
    I do turn on the OS X
    built-in firewall to protect against unwanted
    intrusion from the Internet.
    I am also awaiting a LaCie external HD so when I get that I was going to use Carbon Copy Cloner to "back up" everything to the LaCie before the migration. Or is what you talk about below a better idea? I do back up, some stuff to iDisk and some stuff to CDs and really important stuff to both. I hate to say it but I don't have a complete backup of EVERYTHING. That was one reason I am getting the LaCie.
    If you do not do so, now would be a good time to have
    a backup/retreat strategy. I make bootable clones of
    my iMacs on an external firewire drive using a little
    program called SuperDuper ($28 US at
    www.shirt-pocket.com). I always make a clone prior
    to any software change. In that way, I have an
    almost foolproof way to retreat if something goes
    wrong with my software or hardware.
    Thankx again
    Jacque
    iBook   Mac OS X (10.4.7)   Waiting for my new MacBook
    iBook   Mac OS X (10.4.7)   Waiting for my new MacBook
    iBook   Mac OS X (10.4.7)   Waiting for my new MacBook

  • How many devices can you connect on your IPOD touch 4th gen with bluetooth

    I have a 4th Generation Ipod touch.  currently using (2) UE Boom wireless speakers to connect via BLuetooth  (2.1+EDR)
    Is it possible to , say add another 2 speakers,  so in tandem all 4 would connect ?
    Speakers are Logitech (UE Boom wireless)

    Thanks for the reply. Is there any way around this limitation.  I take it 2 sets x 2 won't work.

  • How many users on Mac Mini Server?

    Good morning,
    Apple's recent changes to the Mac Mini line have thrown a wrench in a project plan I've been working. One part of the project needs a quad-core computer (FileMaker Server) and so I'm having to either search for an older model or switch up to a Mac Pro.
    The other part of the project involves bringing a Mac-based server in for directory and user services, including mail.  I had planned to use the high-end Mac Mini Server but that option was removed. The office I'm supporting is about 15 people (usually a little less on the network) and most of their work will actually be done against the other computer running the FileMaker Server-based application. I was not expecting a big load against the Mac Mini Server. But these changes got me wondering, what are others' experiences with Mac Mini as a server for 12-15 people? I'm happy with qualitative and quantitative data, but I would like to know which is which. In general:
         For how many users have you provided directory and user services (built in to the OS) using a single Mac Mini?
         What were the specs of the Mac Mini (year or model, speed, CPU config, RAM)?
         Other thoughts?
    In essence, I need to understand if people have successfully used dual core processors as Mac Mini servers in environments of 12-15 people. I've done it using a 2012 Mac Mini Server with 5-6 and the loading seems to support further growth, but would like real-world experience.
    Thanks.

    Dutch Apple employee told me that Mac OS X 10.6 Server has also Windows Terminal Services equivalent.
    But this is not !
    Not yet (?) available in Snow Leopard Server.

Maybe you are looking for

  • How to enable group email accounts

    Hi all, I have spent a while fiddling with (and breaking) my OSX Lion 10.7.4 Server install trying to get group emails working. I would just like to share how I did it. Follow the below how to. #!/bin/bash # Group EMail Enabler v0.2 # Jeff Johnson <j

  • Create PDFs that can be edited in Acrobat Reader?

    All, Is it possible to create a PDF (designed in Indesign CC 2014/Mac, and exported as PDF in Acrobat Professional XI) that is then a) editable in Adobe Acrobat Reader XI (11.0.09) and b) is of the quality and has fonts embedded to act as a print qua

  • Please Help: Trouble with nested CASE statement and comparing dates

    Please tell me why the query below is always returning the bold null even when the start_date of OLD is greater than or equal to the start_date of NEW. What I want to do is get the difference of the start_dates of two statuses ( Start_date of OLD - S

  • Payment Print system and Script Assigning

    Hi Experts        In FI check(payment) print outs, we use FBZ5 transaction.   In our company user defined script has been called from this transaction. how to call, is there any customization needed, i checked the standard program SAPMFCHK and includ

  • What dimensions for big-screen presentation?

    Almost everything I do is for presentations for either my employer or my church. I've experimented with WMV, MOV, and AVI but I'm still not sure what will look best that large. Since there are no rulers in FCE's Canvas or Viewer and I haven't found a