High memory usage - SWAP

ipsec
v7

(Till) #1

NethServer Version: 7.3.1611

Hi,

my swap ram is getting red and i don´t know why:

The server is running since months without any problem. Can anybody tell me how to figure out why that´s happening?

My machine is running on a proxmox node.

“Top” shows:

And free -m shows:


(Francenildo) #2

I have the same problem.


(Francenildo) #3

(Michael Träumner) #4

I don’t know how to figure out why, but here dnutan says what you can try to do.


(Till) #5

After restart everything seems good. I´ll have a look tomorrow.


(Michael Kicks) #6

@prostream are you using IPSec tunnels?


(Till) #7

Yes but i recognized that my tunnel was offline a few days ago. Do you think that could be the reason why my RAM usage is that high?

And my /var/log/messages contains a lot of this:

Jul 19 13:28:48 net01 journal: Suppressed 1254 messages from /system.slice/ipsec.service
Jul 19 13:29:18 net01 journal: Suppressed 1243 messages from /system.slice/ipsec.service
Jul 19 13:29:50 net01 journal: Suppressed 1199 messages from /system.slice/ipsec.service
Jul 19 13:30:20 net01 journal: Suppressed 946 messages from /system.slice/ipsec.service
Jul 19 13:30:50 net01 journal: Suppressed 870 messages from /system.slice/ipsec.service
Jul 19 13:31:20 net01 journal: Suppressed 1292 messages from /system.slice/ipsec.service
Jul 19 13:31:55 net01 journal: Suppressed 1237 messages from /system.slice/ipsec.service
Jul 19 13:32:25 net01 journal: Suppressed 1303 messages from /system.slice/ipsec.service
Jul 19 13:32:55 net01 journal: Suppressed 1710 messages from /system.slice/ipsec.service
Jul 19 13:33:25 net01 journal: Suppressed 885 messages from /system.slice/ipsec.service
Jul 19 13:33:55 net01 journal: Suppressed 1666 messages from /system.slice/ipsec.service
Jul 19 13:34:27 net01 journal: Suppressed 1094 messages from /system.slice/ipsec.service
Jul 19 13:34:57 net01 journal: Suppressed 1666 messages from /system.slice/ipsec.service
Jul 19 13:35:27 net01 journal: Suppressed 1677 messages from /system.slice/ipsec.service
Jul 19 13:35:58 net01 journal: Suppressed 929 messages from /system.slice/ipsec.service
Jul 19 13:36:28 net01 journal: Suppressed 1655 messages from /system.slice/ipsec.service
Jul 19 13:36:58 net01 journal: Suppressed 1677 messages from /system.slice/ipsec.service
Jul 19 13:37:28 net01 journal: Suppressed 1644 messages from /system.slice/ipsec.service
Jul 19 13:37:59 net01 journal: Suppressed 995 messages from /system.slice/ipsec.service
Jul 19 13:38:29 net01 journal: Suppressed 1292 messages from /system.slice/ipsec.service
Jul 19 13:39:22 net01 journal: Suppressed 544 messages from /system.slice/ipsec.service
Jul 19 13:40:06 net01 journal: Suppressed 1017 messages from /system.slice/ipsec.service
Jul 19 13:41:26 net01 journal: Suppressed 984 messages from /system.slice/ipsec.service
Jul 19 13:42:47 net01 journal: Suppressed 984 messages from /system.slice/ipsec.service
Jul 19 13:43:46 net01 journal: Suppressed 484 messages from /system.slice/ipsec.service
Jul 19 13:44:33 net01 journal: Suppressed 462 messages from /system.slice/ipsec.service

I´ll try to get the tunnel up and have a look if the problem still exist.


(Stéphane de Labrusse) #8

what are the installed modules ???

your server is simply low in memory, add more maybe…2GB is not so hight nowadays


(Till) #9

This are installed modules:

2GB is not enough? The server is running with about 600MB RAM usage since 1 1/2 years. I thought that 2GB are enough. But ok i´ll add some more RAM to the VM.


(Stéphane de Labrusse) #10

indeed it doesn’t seems that you have installed a module that needs a lot of ram…I think about web filtering, snort … something like this.

fun but the fact that you restarted, we cannot investigate more the causes


(Till) #11

Yes thats right but i think that was caused by a bad configured IPSec VPN Site-to-Site Tunnel. Openswan was trying to bring up the tunnel all the Time.


(Michael Kicks) #12

AFAIR, the IPSec module do not allow “respond only” setup; if tunnel is enabled, NethServer initiate connection to the other endpoint.
So if the IPSec tunnel is not currenty used, could be a great idea disable it.


(Andy) #13

Why do you offer this? Offer immediately to buy Itanium! I had the same problem with a persistent swap at 2GB of memory and constant server brakes. And this despite the fact that all the modules that could be removed - I removed. For home use I have a Pentium E2220 / 2GB memory. I believe that this is more than enough, for example, for a home server. I’m tired of enduring permanent brakes and gone on pfSense. I now have 1GB and this is enough for everything that I worked on a NethSserver. I’ll be back, only when the NethServer will moderate its gluttony.


(Stefano Zamboni) #14

'cause he’s right

we have smartphones with 6 or more GB or ram, so 2 GB for a server (Centos7 based) is not a so high value

regarding pfsense and NS, you’re comparing apples and bananas… pfsense is a *BSD derived firewall dedicated distro, NS is a server oriented distro, based on Centos


(Andy) #15

And we fly into space and what now? Let’s spend resources reasonably. And do not throw it in the garbage, it’s almost obsolete. And your position looks like - homeless with 2 gigabytes pass by our distribution for real servers.

Phrase from the site: "NethServer is an operating system for Linux enthusiasts, designed for small offices and medium enterprises"
Apparently the concept of a small office is a person of 100+ and should stand at least 2 xeon + 32 GB ram. So?

The minimum requirements are 1GB. Why does 3+ eat while the minimum is running?

I used clearos, which worked for me on P4-2.4 / 2Gb / asus p4p800, and clearos is also based on centos, but he did not eat so much.

Pfsense now performs what I need - firewall + proxy + reverse proxy and does not require large resources.
And the position, such as pfsense it is something there bsd, and we have a steep serious thing here - inappropriate.
It just looks like an attempt to close your eyes to the problem. Microsoft likes to do this.

It’s a pity, it seems to be a NethServer handy distro, but for me, its gluttony negates all the advantages.


(Stéphane de Labrusse) #16

Yeah i recall in 1998 i had 64MB of ram…now it is still enough :wink:

I recall also the 8KB of the ZX81 in 1981


(Stefano Zamboni) #17

Man, take a deep breath and relax (Cit.)

Linux and BSD are both unix like O.S., but they are very different

ATM you’re just saying us “it doesn’t work”… If you feel something is wrong, please provvide us some data and evidence to work on and to understand if really is there an issue
Thank you


(Mark Edworthy) #18

I am finding this conversation about a lack of RAM interesting and slightly amusing.

Those people that have been following some of my other posts / comments would be aware that I have been experimenting with converting SoC (System on Chip), ARM based device into fully functional servers. Most of these devices contain only 1GB of memory.

In the past I have installed and maintained various server services (ie. Firewalls / Gateways, Dovecot, LAMP stack, LDAP authentication, file services - SAMBA, Webdav, FTP etc.) on varius devices including 486, Pentium 1 and 2 based computers, most of these devices would have had between 256MB - 1GB of RAM.

In my personal opinion, it is generally not necessary to purchase and install larger amounts of RAM or to increase the speed of the CPU for a home / small office server.

I have a general piece of advice when an individual asks me about purchasing new computers / hardware (I do get quite a few question by domestic, home users asking me about upgrades), that advice being: if choosing new hardware then only spend a reasonable amount of money and choose hardware that is suitable for the individuals needs, ie. if the user only needs a workstation for word-processing and web browser usage then it is not necessary to purchase a Cray-3 supercomputer (I know that this example is a bit extreme, but does illustrate the point about being overzealous in relation to hardware specifications).


(Mark Edworthy) #19

Technically Linux and BSD are POSIX systems (POSIX is the standard label for the design of operating systems, especially ones which are compatible with Unix and, yes, they do have a number of similarities, apart from having different lineage (Linux was originally written by Linus Torvalds and BSD or ‘Berkeley Software Distribution’ was originally a set of modifications to Bell Unix created by the University of California. Now there are multiple different versions of BSD, also Apple OS includes some BSD within the iOS / Mac OS kernal).

Whilst NS would not work upon BSD (as of NS current version) due to the fact that NS has been created to correspond to CentOS / Redhat directory - file structure and repository / package management system (RPM) , as well as there would be issues with various library versions numbers.

However, it is possible to install all the server services (ie. Apache, MySQL, Dovecot, Postfix, SSH, SAMBA, OpenLDAP etc.) on either any Linux or BSD variant. Both variants could be configured via a console or third-party web interfaces (ie. Webmin) by an individual with a good understanding of either OS / platform.


(Filippo Carletti) #20

@tavrist, some memory statistics from one of my servers which is running as firewall with web content filter, IPS with all rules (expert mode), pbx with mysql and dpi (and a proprietary app in nodejs eating some ram).

# free
              total        used        free      shared  buff/cache   available
Mem:        1919304     1185596       94524      111164      639184      385716
Swap:       1048572        4408     1044164

As you can see I have 2 GB of RAM, some of which is free.
I suspect you may have found a problem in your system, but this kind of problems are hard to debug.
Or you may have misconfigured your system, it’s hard to tell.

I work a more than a handful of NethServers, I don’t observe your problems in any of them.