The Problem
System exhibits some performance degradation. Checking with netstat shows very large (and rising) numbers of “packet reassembles failed” similar to:
# netstat -s | fgrep reassembles 353357449 packet reassembles failed 353359152 packet reassembles failed 353360314 packet reassembles failed 353361547 packet reassembles failed 353363020 packet reassembles failed 353364064 packet reassembles failed
The Solution
In general, IP packet reassembles may fail if:
- There is not enough memory to reassemble the IP fragments.
- A timeout occurs while waiting for the remaining ip fragments.
- The IP fragments get dropped or corrupted.
This post addresses issues #1 and #2.
Regarding Timeouts
Check the current ipfrag_time:
# cat /proc/sys/net/ipv4/ipfrag_time 30
Consider increasing this to 60:
# echo "60" > /proc/sys/net/ipv4/ipfrag_time
If this is successful, it can be made permanent by adding the above echo command to /etc/rc.local
Regarding Memory
The documentation says:
ipfrag_high_thresh - INTEGER Maximum memory used to reassemble IP fragments. When ipfrag_high_thresh bytes of memory is allocated for this purpose, the fragment handler will toss packets until ipfrag_low_thresh is reached. ipfrag_low_thresh - INTEGER See ipfrag_high_thresh
Check the current ipfrag_high_thresh and ipfrag_low_thresh values:
ipfrag_high_thresh 4194304 ipfrag_low_thresh 3145728
In this case start by increasing ipfrag_high_thresh to double the current value. i.e:
# echo "8388608" > /proc/sys/net/ipv4/ipfrag_high_thresh
Again, if the result is satisfactory, add this to /etc/rc.local.