Сообщения sure

4тыс коннектов и pthread_create

использую 3proxy для раздачи рандомных ипв6

нагрузка около 1.5 Тб в сутки, одновременно примерно 4000 коннектов

из всего объема около 15% коннекты есть, но трафик не идет. То бишь, в браузере все попытки что либо открыть — неуспех.

Все, за что смог зацепиться в плане ошибок — в логе 3proxy встречается «pthread_create(): Resource temporarily unavailable».

Поднял все лимиты, насколько это возможно. Не помогает:

ulimit -a

core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 127871
max locked memory       (kbytes, -l) unlimited
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1000000
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 40000
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

threads-max
500000

sysctl.conf

net.core.wmem_max=12582912
net.core.rmem_max=12582912
net.ipv4.tcp_rmem= 10240 87380 12582912
net.ipv4.tcp_wmem= 10240 87380 12582912
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_no_metrics_save = 1
net.core.netdev_max_backlog = 5000

limits.conf

root hard nofile 1000000
root soft nofile 1000000
nobody hard nofile 250000
nobody soft nofile 500000
* hard nofile 500000
* soft nofile 500000
root hard nproc 40000
root soft nproc 80000
nobody hard nproc 20000
nobody soft nproc 40000
* hard nproc 20000
* soft nproc unlimited
root - memlock unlimited
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4,tcp_synack_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 3
* soft stack 32768
root soft stack unlimited
root hard stack unlimited

system.conf

DefaultLimitDATA=infinity
DefaultLimitSTACK=infinity
DefaultLimitCORE=infinity
DefaultLimitRSS=infinity
DefaultLimitNOFILE=102400
DefaultLimitAS=infinity
DefaultLimitNPROC=10240
DefaultLimitMEMLOCK=infinity
DefaultTasksMax=unlimited

Ну еще косвенное, TIME_WAIT постоянно около 10-13тыс штук

Честно говоря фантазия уже кончилась что еще можно подкрутить

3proxy, multithreading, pthread, ubuntu

sure
(20.02.24 11:18:52 MSK)

2 комментария

xl2pd рвется соединение

ubuntu 16.04 xl2tpd в качестве сервака

клиенты отваливаются каждые Х минут.

ipsec.conf:

conn NAT-2-NAT
        forceencaps=yes
        authby=secret
        pfs=no
        rekey=yes
        keyingtries=6
        ikelifetime=2h
        salifetime=8h
        type=tunnel
        left=192.168.18.1
        leftsubnet=192.168.18.0/24
        leftnexthop=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightsubnet=vhost:%priv,%no
        rightprotoport=17/0
        dpddelay=10
        dpdtimeout=90
        dpdaction=clear
        auto=add

xl2ptd.conf:

[global]
ipsec saref = no
listen-addr = xx.xx.xx.xx
[lns default]
ip range = 192.168.18.2-192.168.18.254 
local ip = 192.168.18.1  
require authentication = yes
ppp debug = yes 
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
refuse chap = yes 
refuse pap = yes

options.xl2pd

refuse-pap
refuse-chap
refuse-mschap
# Выставляем dns
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
idle 1800
mtu 1200
mru 1200
lock
hide-password
local
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
debug
logfile /var/log/xl2tpd.log

ну и собственно сам syslog:

Mar 22 13:19:28 vpn1 pppd[322]: sent [LCP EchoRep id=0x6 magic=0x3f3c2307]
Mar 22 13:19:28 vpn1 pppd[322]: sent [LCP EchoReq id=0x6 magic=0x3f3c2307]
Mar 22 13:19:29 vpn1 pppd[322]: rcvd [LCP EchoRep id=0x6 magic=0x38e63b0]
Mar 22 13:19:58 vpn1 pppd[322]: sent [LCP EchoReq id=0x7 magic=0x3f3c2307]
Mar 22 13:19:58 vpn1 pppd[322]: rcvd [LCP EchoReq id=0x7 magic=0x38e63b0]
Mar 22 13:19:58 vpn1 pppd[322]: sent [LCP EchoRep id=0x7 magic=0x3f3c2307]
Mar 22 13:19:59 vpn1 pppd[322]: rcvd [LCP EchoRep id=0x7 magic=0x38e63b0]
Mar 22 13:20:28 vpn1 pppd[322]: rcvd [LCP EchoReq id=0x8 magic=0x38e63b0]
Mar 22 13:20:28 vpn1 pppd[322]: sent [LCP EchoRep id=0x8 magic=0x3f3c2307]
Mar 22 13:20:28 vpn1 pppd[322]: sent [LCP EchoReq id=0x8 magic=0x3f3c2307]
Mar 22 13:20:29 vpn1 pppd[322]: rcvd [LCP EchoRep id=0x8 magic=0x38e63b0]
Mar 22 13:20:58 vpn1 pppd[322]: rcvd [LCP EchoReq id=0x9 magic=0x38e63b0]
Mar 22 13:20:58 vpn1 pppd[322]: sent [LCP EchoRep id=0x9 magic=0x3f3c2307]
Mar 22 13:20:58 vpn1 pppd[322]: sent [LCP EchoReq id=0x9 magic=0x3f3c2307]
Mar 22 13:20:59 vpn1 pppd[322]: rcvd [LCP EchoRep id=0x9 magic=0x38e63b0]
Mar 22 13:21:26 vpn1 xl2tpd[31800]: check_control: Received out of order control packet on tunnel 46141 (got 7, expected 8)
Mar 22 13:21:26 vpn1 xl2tpd[31800]: handle_packet: bad control packet!
Mar 22 13:21:27 vpn1 xl2tpd[31800]: check_control: Received out of order control packet on tunnel 46141 (got 7, expected 8)
Mar 22 13:21:27 vpn1 xl2tpd[31800]: handle_packet: bad control packet!
Mar 22 13:21:28 vpn1 xl2tpd[31800]: check_control: Received out of order control packet on tunnel 46141 (got 7, expected 8)
Mar 22 13:21:28 vpn1 xl2tpd[31800]: handle_packet: bad control packet!
Mar 22 13:21:28 vpn1 pppd[322]: rcvd [LCP EchoReq id=0xa magic=0x38e63b0]
Mar 22 13:21:28 vpn1 pppd[322]: sent [LCP EchoRep id=0xa magic=0x3f3c2307]
Mar 22 13:21:28 vpn1 pppd[322]: sent [LCP EchoReq id=0xa magic=0x3f3c2307]
Mar 22 13:21:29 vpn1 pppd[322]: rcvd [LCP EchoRep id=0xa magic=0x38e63b0]
Mar 22 13:21:29 vpn1 xl2tpd[31800]: check_control: Received out of order control packet on tunnel 46141 (got 7, expected 8)
Mar 22 13:21:29 vpn1 xl2tpd[31800]: handle_packet: bad control packet!
Mar 22 13:21:30 vpn1 xl2tpd[31800]: Maximum retries exceeded for tunnel 24346.  Closing.
Mar 22 13:21:30 vpn1 pppd[322]: Modem hangup
Mar 22 13:21:30 vpn1 pppd[322]: Connect time 5.1 minutes.
Mar 22 13:21:30 vpn1 pppd[322]: Sent 153979 bytes, received 217936 bytes.
Mar 22 13:21:30 vpn1 xl2tpd[31800]: Terminating pppd: sending TERM signal to pid 322
Mar 22 13:21:30 vpn1 xl2tpd[31800]: Connection 46141 closed to xx.xx.xx.xx, port 33073 (Timeout)
Mar 22 13:21:30 vpn1 pppd[322]: Script /etc/ppp/ip-down started (pid 430)
Mar 22 13:21:30 vpn1 pppd[322]: Connection terminated.
Mar 22 13:21:30 vpn1 pppd[322]: Waiting for 1 child processes...
Mar 22 13:21:30 vpn1 pppd[322]:   script /etc/ppp/ip-down, pid 430
Mar 22 13:21:30 vpn1 pppd[322]: Terminating on signal 15
Mar 22 13:21:30 vpn1 pppd[322]: sending SIGTERM to process 430
Mar 22 13:21:30 vpn1 pppd[322]: Exit.
Mar 22 13:21:30 vpn1 xl2tpd[31800]: Can not find tunnel 24346 (refhim=0)
Mar 22 13:21:30 vpn1 xl2tpd[31800]: network_thread: unable to find call or tunnel to handle packet.  call = 1892, tunnel = 24346 Dumping.

уже гугл сломал своими поисками :)

xl2tpd

sure
(22.03.17 15:40:22 MSK)

pptpd error reading packet

Дано: 2 абсолютно одинаковые железки (goip шлюзы), одна прошивка 2 абсолютно одинаково настроенных ubuntu сервера с одинаковыми pptpd настройками (копи паст, только ip разные).

Один комплект работает идеально. На втором коннект, держится связь несколько минут, затем:

Mar 14 14:50:12 vpn2 pptpd[25001]: CTRL: EOF or bad error reading ctrl packet length.

Mar 14 14:50:12 vpn2 pptpd[25001]: CTRL: couldn't read packet header (exit)

Mar 14 14:50:12 vpn2 pptpd[25001]: CTRL: CTRL read failed

Mar 14 14:50:12 vpn2 pppd[25002]: Modem hangup

Mar 14 14:50:12 vpn2 pppd[25002]: Connect time 1.8 minutes.

Mar 14 14:50:12 vpn2 pppd[25002]: Sent 33904 bytes, received 160369 bytes.

Mar 14 14:50:12 vpn2 pptpd[25001]: CTRL: Reaping child PPP[25002]

Mar 14 14:50:12 vpn2 pppd[25002]: MPPE disabled

Mar 14 14:50:12 vpn2 pppd[25002]: Connection terminated.

Mar 14 14:50:12 vpn2 pppd[25002]: Exit.

Про pptp, mppe и уязвимости не рассказывайте, у меня выбора нет.