[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Multi instance cache

  • Subject: [Openvpn-users] Multi instance cache
  • From: "Harris, Jeff" <JeffH@xxxxxxxxxx>
  • Date: Fri, 22 Jun 2007 10:45:50 -0400

I am seeing an issue with the number of multi_instance objects being
created that is causing my system to run out of memory.  I am running
OpenVPN 2.0.6 on a Linux machine with 256MB of RAM.  I am trying to
support at least 125 connected clients.  

I have no problem with supporting them at first.  The memory usage of
the server openvpn process is will short of the total memory available.
I am running the test by having my workstation start 125 client to
connect to the same server.  Each client creates its own TAP interface
with an IP address.  Running a ping from all clients to the server works
as well.

In simulating the effects of client disconnects and reconnects, I start
to see the server's memory grow.  I added trace statements to count the
number of multi_instance instances which are alive when they are
allocated and deallocated.  Initially, I see the 125 instances
corresponding to my connected clients.  However, when I start to
simulate disconnections, I see the number start to grow.  I simulate the
disconnect by sending a SIGUSR1 to all of my clients simultaneously.
Often I will see the number of multi_instance instances grow to 250
which would be expected to represent the new connections and the old
ones which eventually timeout due to a lack of a keep-alive ping.  So,
the number does decrease down to 125 before the process repeats.  

Sometimes, however, I see the number of instances spike to over 600
which causes my device to run out of memory.  Are there any tuneable
parameters which I can set to constrain the number of cached
multi_instances to say twice the number of supported clients?

I have tried modifying the REAP_DIVISOR value to 16 instead of 256 and
lower the management history and log buffers to 10 from 100.  These
changes helped a little.  I have also modified MULTI_CACHE_ROUTE_TTL to
10 instead of 60.  With this setting, I believe the numbers of
multi_instance objects will remain small enough to not run out of
memory.  I am wondering about the ramifications of lowering the TTL
number.  What side-effects could it have?  My test was running with an
inactive keep-alive of 5 seconds and a disconnect time of 30 seconds,
but our normal values are 30 and 120 respectively.  Is the TTL value of
10 going to be too small?

I would appreciate any advice on how to control the number of these
instances I'm seeing.
OpenVPN mailing lists