Ntpd[8391]: routing socket reports: No buffer space available

tantomo · September 11, 2023, 3:48am

I always got this log

ntpd[8391]: routing socket reports: No buffer space available
ntpd[8391]: message repeated 3 times: [ routing socket reports: No buffer space available]

VyOS 1.3-rolling-202306270401
Supermicro X10SLM-F

$ sudo ethtool -i eth3
driver: mlx4_en
version: 4.0-0
firmware-version: 2.38.5000

conf-strip-private
set firewall all-ping ‘enable’
set firewall broadcast-ping ‘disable’
set firewall config-trap ‘disable’
set firewall group address-group IP-SSH address ‘xxx.xxx.8.13’
set firewall group address-group IP-SSH address ‘xxx.xxx.240.254’
set firewall group address-group IP-SSH address ‘xxx.xxx.11.14’
set firewall group address-group IP-SSH address ‘xxx.xxx.11.30’
set firewall ipv6-receive-redirects ‘disable’
set firewall ipv6-src-route ‘disable’
set firewall ip-src-route ‘disable’
set firewall log-martians ‘enable’
set firewall name SSH-Access default-action ‘drop’
set firewall name SSH-Access rule 1 action ‘accept’
set firewall name SSH-Access rule 1 destination port ‘9999’
set firewall name SSH-Access rule 1 protocol ‘tcp’
set firewall name SSH-Access rule 1 source group address-group ‘IP-SSH’
set firewall name SSH-Access rule 2 action ‘accept’
set firewall name SSH-Access rule 2 protocol ‘ospf’
set firewall name SSH-Access rule 3 action ‘accept’
set firewall name SSH-Access rule 3 protocol ‘icmp’
set firewall name SSH-Access rule 4 action ‘accept’
set firewall name SSH-Access rule 4 destination port ‘161’
set firewall name SSH-Access rule 4 protocol ‘udp’
set firewall receive-redirects ‘disable’
set firewall send-redirects ‘disable’
set firewall source-validation ‘disable’
set firewall syn-cookies ‘enable’
set firewall twa-hazards-protection ‘disable’
set interfaces ethernet eth0 address ‘xxx.xxx.13.5/30’
set interfaces ethernet eth0 hw-id ‘xx:xx:xx:xx:xx:78’
set interfaces ethernet eth1 address ‘xxx.xxx.249.18/30’
set interfaces ethernet eth1 description ‘Remote Vyos’
set interfaces ethernet eth1 hw-id ‘xx:xx:xx:xx:xx:79’
set interfaces ethernet eth2 description ‘NAP Backbone’
set interfaces ethernet eth2 disable-flow-control
set interfaces ethernet eth2 hw-id ‘xx:xx:xx:xx:xx:71’
set interfaces ethernet eth2 ip disable-forwarding
set interfaces ethernet eth2 ip disable-arp-filter
set interfaces ethernet eth2 offload gro
set interfaces ethernet eth2 offload lro
set interfaces ethernet eth2 offload sg
set interfaces ethernet eth2 offload tso
set interfaces ethernet eth2 vif 150 address ‘xxx.xxx.242.42/30’
set interfaces ethernet eth2 vif 150 address ‘xxxx:xxxx:a:2::2/126’
set interfaces ethernet eth2 vif 150 description ‘PTP-xxxxx’
set interfaces ethernet eth2 vif 171 address ‘xxx.xxx.249.13/30’
set interfaces ethernet eth2 vif 171 description ‘xxxxxxx’
set interfaces ethernet eth2 vif 269 address ‘xxx.xxx.127.136/25’
set interfaces ethernet eth2 vif 269 description ‘xxxxx’
set interfaces ethernet eth2 vif 400 address ‘xxx.xxx.99.18/30’
set interfaces ethernet eth2 vif 400 address ‘xxxx:xxxx:1001:1::52/126’
set interfaces ethernet eth2 vif 400 description ‘xxxxxxx’
set interfaces ethernet eth2 vif 401 address ‘xxx.xxx.39.164/23’
set interfaces ethernet eth2 vif 401 address ‘xxxx:xxxx:1000:8:0:1:3815:101/64’
set interfaces ethernet eth2 vif 401 description ‘xxxxxx’
set interfaces ethernet eth3 description ‘xxxxxx’
set interfaces ethernet eth3 disable-flow-control
set interfaces ethernet eth3 hw-id ‘xx:xx:xx:xx:xx:70’
set interfaces ethernet eth3 ip disable-forwarding
set interfaces ethernet eth3 ip disable-arp-filter
set interfaces ethernet eth3 offload gro
set interfaces ethernet eth3 offload lro
set interfaces ethernet eth3 offload sg
set interfaces ethernet eth3 offload tso
set interfaces ethernet eth3 vif 402 address ‘xxx.xxx.249.1/30’
set interfaces ethernet eth3 vif 402 address ‘xxx.xxx.13.1/30’
set interfaces ethernet eth3 vif 402 description ‘Cust-xxxxx’
set interfaces ethernet eth3 vif 402 disable-link-detect
set interfaces ethernet eth3 vif 403 address ‘xxx.xxx.249.5/30’
set interfaces ethernet eth3 vif 403 description ‘Cust-xxxxxx’
set interfaces ethernet eth3 vif 404 address ‘xxx.xxx.249.21/30’
set interfaces ethernet eth3 vif 404 address ‘xxxx:xxxx:0:5::1/126’
set interfaces ethernet eth3 vif 404 address ‘xxx.xxx.211.1/29’
set interfaces ethernet eth3 vif 404 description ‘PTP-xxxxx’
set interfaces loopback lo address ‘xxx.xxx.242.3/32’
set policy as-path-list Discard-xxxxx-IN rule 10 action ‘deny’
set policy as-path-list Discard-xxxxx-IN rule 10 regex ‘7717_7713’
set policy as-path-list Discard-xxxxx-IN rule 30 action ‘permit’
set policy as-path-list Discard-xxxxx-IN rule 30 regex ‘.’
set policy as-path-list xxxxx-IN rule 10 action ‘deny’
set policy as-path-list xxxxx-IN rule 10 regex ‘^7597_17922_’
set policy as-path-list xxxxx-IN rule 20 action ‘deny’
set policy as-path-list xxxxx-IN rule 20 regex ‘^7597_7713_’
set policy as-path-list xxxxx-IN rule 30 action ‘deny’
set policy as-path-list xxxxx-IN rule 30 regex ‘^7597_136106_’
set policy as-path-list xxxxx-IN rule 40 action ‘permit’
set policy as-path-list xxxxx-IN rule 40 regex '.’
set policy as-path-list xxxxx-IN rule 10 action ‘deny’
set policy as-path-list xxxxx-IN rule 10 regex ‘^7717_17922_’
set policy as-path-list xxxxx-IN rule 20 action ‘deny’
set policy as-path-list xxxxx-IN rule 20 regex ‘^7717_7713_’
set policy as-path-list xxxxx-IN rule 30 action ‘deny’
set policy as-path-list xxxxx-IN rule 30 regex ‘^7717_136106_’
set policy as-path-list xxxxx-IN rule 40 action ‘permit’
set policy as-path-list xxxxx-IN rule 40 regex ‘.’
set policy as-path-list Regexp-BGP-Cust rule 10 action ‘permit’
set policy as-path-list Regexp-BGP-Cust rule 10 description ‘IP-BGP-xxxxx’
set policy as-path-list Regexp-BGP-Cust rule 10 regex ‘^(141675_)+$’
set policy as-path-list Regexp-BGP-Cust rule 20 action ‘permit’
set policy as-path-list Regexp-BGP-Cust rule 20 description ‘IP-BGP-xxxxx’
set policy as-path-list Regexp-BGP-Cust rule 20 regex ‘^(136079_)+$’
set policy as-path-list Regexp-BGP-Cust rule 30 action ‘permit’
set policy as-path-list Regexp-BGP-Cust rule 30 description ‘IP-xxxxx’
set policy as-path-list Regexp-BGP-Cust rule 30 regex ‘^(141675_)+(141059_)+$’
set policy as-path-list xxx-In rule 10 action ‘permit’
set policy as-path-list xxx-In rule 10 regex ‘^38150_’
set policy as-path-list xxx-In rule 20 action ‘deny’
set policy as-path-list xxx-In rule 20 regex '.’
set policy as-path-list as-path-xxxxx rule 10 action ‘permit’
set policy as-path-list as-path-xxxxx rule 10 regex ‘^(136079_)+$’
set policy as-path-list as-path-xxxxx rule 10 action ‘permit’
set policy as-path-list as-path-xxxxx rule 10 regex ‘^(141675_)+$’
set policy as-path-list as-path-xxxxx rule 20 action ‘permit’
set policy as-path-list as-path-xxxxx rule 20 regex ‘^(141675_)+(141059_)+$’
set policy as-path-list as-path-xxxxx rule 30 action ‘deny’
set policy as-path-list as-path-xxxxx rule 30 regex ‘.’
set policy as-path-list as-path-allroute rule 10 action ‘permit’
set policy as-path-list as-path-allroute rule 10 regex '.’
set policy prefix-list IP-xxxxx rule 1 action ‘permit’
set policy prefix-list IP-xxxxx rule 1 prefix ‘xxx.xxx.100.0/24’
set policy prefix-list IP-xxxxx rule 2 action ‘permit’
set policy prefix-list IP-xxxxx rule 2 prefix ‘xxx.xxx.101.0/24’
set policy prefix-list IP-xxxxx rule 3 action ‘permit’
set policy prefix-list IP-xxxxx rule 3 prefix ‘xxx.xxx.9.0/24’
set policy prefix-list IP-Default rule 10 action ‘permit’
set policy prefix-list IP-Default rule 10 prefix ‘xxx.xxx.0.0/0’
set policy prefix-list IP-xxxxx rule 1 action ‘permit’
set policy prefix-list IP-xxxxx rule 1 prefix ‘xxx.xxx.240.0/24’
set policy prefix-list IP-xxxxx rule 2 action ‘permit’
set policy prefix-list IP-xxxxx rule 2 prefix ‘xxx.xxx.241.0/24’
set policy prefix-list IP-xxxxx rule 3 action ‘permit’
set policy prefix-list IP-xxxxx rule 3 prefix ‘xxx.xxx.243.0/24’
set policy prefix-list IP-xxxxx rule 4 action ‘permit’
set policy prefix-list IP-xxxxx rule 4 prefix ‘xxx.xxx.244.0/24’
set policy prefix-list IP-xxxxx rule 5 action ‘deny’
set policy prefix-list IP-xxxxx rule 5 prefix ‘xxx.xxx.245.0/24’
set policy prefix-list IP-xxxxx rule 6 action ‘permit’
set policy prefix-list IP-xxxxx rule 6 prefix ‘xxx.xxx.249.0/24’
set policy prefix-list IP-xxxxx rule 7 action ‘permit’
set policy prefix-list IP-xxxxx rule 7 prefix ‘xxx.xxx.250.0/24’
set policy prefix-list IP-xxxxx rule 8 action ‘permit’
set policy prefix-list IP-xxxxx rule 8 prefix ‘xxx.xxx.251.0/24’
set policy prefix-list IP-xxxxx rule 9 action ‘permit’
set policy prefix-list IP-xxxxx rule 9 prefix ‘xxx.xxx.252.0/24’
set policy prefix-list IP-xxxxx rule 10 action ‘permit’
set policy prefix-list IP-xxxxx rule 10 prefix ‘xxx.xxx.253.0/24’
set policy prefix-list IP-xxxxx rule 11 action ‘permit’
set policy prefix-list IP-xxxxx rule 11 prefix ‘xxx.xxx.254.0/24’
set policy prefix-list IP-xxxxx rule 12 action ‘permit’
set policy prefix-list IP-xxxxx rule 12 prefix ‘xxx.xxx.255.0/24’
set policy prefix-list IP-xxxxx rule 14 action ‘deny’
set policy prefix-list IP-xxxxx rule 14 prefix ‘xxx.xxx.9.0/24’
set policy prefix-list IP-xxxxx rule 15 action ‘permit’
set policy prefix-list IP-xxxxx rule 15 le ‘24’
set policy prefix-list IP-xxxxx rule 15 prefix ‘xxx.xxx.8.0/21’
set policy prefix-list IP-xxxxx rule 16 action ‘deny’
set policy prefix-list IP-xxxxx rule 16 prefix ‘xxx.xxx.246.0/24’
set policy prefix-list IP-xxxxx rule 17 action ‘deny’
set policy prefix-list IP-xxxxx rule 17 prefix ‘xxx.xxx.247.0/24’
set policy prefix-list IP-xxxxx rule 18 action ‘deny’
set policy prefix-list IP-xxxxx rule 18 prefix ‘xxx.xxx.248.0/24’
set policy prefix-list IP-xxxxx rule 1 action ‘permit’
set policy prefix-list IP-xxxxx rule 1 prefix ‘xxx.xxx.240.0/24’
set policy prefix-list IP-xxxxx rule 2 action ‘permit’
set policy prefix-list IP-xxxxx rule 2 prefix ‘xxx.xxx.241.0/24’
set policy prefix-list IP-xxxxx rule 3 action ‘permit’
set policy prefix-list IP-xxxxx rule 3 prefix ‘xxx.xxx.243.0/24’
set policy prefix-list IP-xxxxx rule 4 action ‘permit’
set policy prefix-list IP-xxxxx rule 4 prefix ‘xxx.xxx.244.0/24’
set policy prefix-list IP-xxxxx rule 5 action ‘deny’
set policy prefix-list IP-xxxxx rule 5 prefix ‘xxx.xxx.245.0/24’
set policy prefix-list IP-xxxxx rule 6 action ‘permit’
set policy prefix-list IP-xxxxx rule 6 prefix ‘xxx.xxx.249.0/24’
set policy prefix-list IP-xxxxx rule 7 action ‘permit’
set policy prefix-list IP-xxxxx rule 7 prefix ‘xxx.xxx.250.0/24’
set policy prefix-list IP-xxxxx rule 8 action ‘permit’
set policy prefix-list IP-xxxxx rule 8 prefix ‘xxx.xxx.251.0/24’
set policy prefix-list IP-xxxxx rule 9 action ‘permit’
set policy prefix-list IP-xxxxx rule 9 prefix ‘xxx.xxx.252.0/24’
set policy prefix-list IP-xxxxx rule 10 action ‘permit’
set policy prefix-list IP-xxxxx rule 10 prefix ‘xxx.xxx.253.0/24’
set policy prefix-list IP-xxxxx rule 11 action ‘permit’
set policy prefix-list IP-xxxxx rule 11 prefix ‘xxx.xxx.254.0/24’
set policy prefix-list IP-xxxxx rule 12 action ‘permit’
set policy prefix-list IP-xxxxx rule 12 prefix ‘xxx.xxx.255.0/24’
set policy prefix-list IP-xxxxx rule 14 action ‘deny’
set policy prefix-list IP-xxxxx rule 14 prefix ‘xxx.xxx.9.0/24’
set policy prefix-list IP-xxxxx rule 15 action ‘permit’
set policy prefix-list IP-xxxxx rule 15 le ‘24’
set policy prefix-list IP-xxxxx rule 15 prefix ‘xxx.xxx.8.0/21’
set policy prefix-list IP-xxxxx rule 16 action ‘deny’
set policy prefix-list IP-xxxxx rule 16 prefix ‘xxx.xxx.246.0/24’
set policy prefix-list IP-xxxxx rule 17 action ‘deny’
set policy prefix-list IP-xxxxx rule 17 prefix ‘xxx.xxx.247.0/24’
set policy prefix-list IP-xxxxx rule 18 action ‘deny’
set policy prefix-list IP-xxxxx rule 18 prefix ‘xxx.xxx.248.0/24’
set policy prefix-list IP-xxxxx rule 1 action ‘permit’
set policy prefix-list IP-xxxxx rule 1 prefix ‘xxx.xxx.240.0/24’
set policy prefix-list IP-xxxxx rule 2 action ‘permit’
set policy prefix-list IP-xxxxx rule 2 prefix ‘xxx.xxx.241.0/24’
set policy prefix-list IP-xxxxx rule 3 action ‘permit’
set policy prefix-list IP-xxxxx rule 3 prefix ‘xxx.xxx.243.0/24’
set policy prefix-list IP-xxxxx rule 4 action ‘permit’
set policy prefix-list IP-xxxxx rule 4 prefix ‘xxx.xxx.244.0/24’
set policy prefix-list IP-xxxxx rule 5 action ‘permit’
set policy prefix-list IP-xxxxx rule 5 prefix ‘xxx.xxx.245.0/24’
set policy prefix-list IP-xxxxx rule 6 action ‘permit’
set policy prefix-list IP-xxxxx rule 6 prefix ‘xxx.xxx.249.0/24’
set policy prefix-list IP-xxxxx rule 7 action ‘permit’
set policy prefix-list IP-xxxxx rule 7 prefix ‘xxx.xxx.250.0/24’
set policy prefix-list IP-xxxxx rule 8 action ‘permit’
set policy prefix-list IP-xxxxx rule 8 prefix ‘xxx.xxx.251.0/24’
set policy prefix-list IP-xxxxx rule 9 action ‘permit’
set policy prefix-list IP-xxxxx rule 9 prefix ‘xxx.xxx.252.0/24’
set policy prefix-list IP-xxxxx rule 10 action ‘permit’
set policy prefix-list IP-xxxxx rule 10 prefix ‘xxx.xxx.253.0/24’
set policy prefix-list IP-xxxxx rule 11 action ‘permit’
set policy prefix-list IP-xxxxx rule 11 prefix ‘xxx.xxx.254.0/24’
set policy prefix-list IP-xxxxx rule 12 action ‘permit’
set policy prefix-list IP-xxxxx rule 12 prefix ‘xxx.xxx.255.0/24’
set policy prefix-list IP-xxxxx rule 13 action ‘permit’
set policy prefix-list IP-xxxxx rule 13 prefix ‘xxx.xxx.8.0/24’
set policy prefix-list IP-xxxxx rule 14 action ‘permit’
set policy prefix-list IP-xxxxx rule 14 prefix ‘xxx.xxx.10.0/24’
set policy prefix-list IP-xxxxx rule 15 action ‘permit’
set policy prefix-list IP-xxxxx rule 15 prefix ‘xxx.xxx.11.0/24’
set policy prefix-list IP-xxxxx rule 16 action ‘permit’
set policy prefix-list IP-xxxxx rule 16 prefix ‘xxx.xxx.12.0/24’
set policy prefix-list IP-xxxxx rule 17 action ‘permit’
set policy prefix-list IP-xxxxx rule 17 prefix ‘xxx.xxx.13.0/24’
set policy prefix-list IP-xxxxx rule 18 action ‘permit’
set policy prefix-list IP-xxxxx rule 18 prefix ‘xxx.xxx.14.0/24’
set policy prefix-list IP-xxxxx rule 19 action ‘permit’
set policy prefix-list IP-xxxxx rule 19 prefix ‘xxx.xxx.15.0/24’
set policy prefix-list IP-xxxxx rule 1 action ‘permit’
set policy prefix-list IP-xxxxx rule 1 prefix ‘xxx.xxx.240.0/24’
set policy prefix-list IP-xxxxx rule 2 action ‘permit’
set policy prefix-list IP-xxxxx rule 2 prefix ‘xxx.xxx.241.0/24’
set policy prefix-list IP-xxxxx rule 3 action ‘permit’
set policy prefix-list IP-xxxxx rule 3 prefix ‘xxx.xxx.8.0/24’
set policy prefix-list IP-xxxxx rule 4 action ‘permit’
set policy prefix-list IP-xxxxx rule 4 prefix ‘xxx.xxx.10.0/24’
set policy prefix-list IP-xxxxx rule 5 action ‘permit’
set policy prefix-list IP-xxxxx rule 5 prefix ‘xxx.xxx.11.0/24’
set policy prefix-list IP-xxxxx rule 6 action ‘permit’
set policy prefix-list IP-xxxxx rule 6 prefix ‘xxx.xxx.12.0/24’
set policy prefix-list IP-xxxxx rule 7 action ‘permit’
set policy prefix-list IP-xxxxx rule 7 prefix ‘xxx.xxx.13.0/24’
set policy prefix-list IP-xxxxx rule 8 action ‘permit’
set policy prefix-list IP-xxxxx rule 8 prefix ‘xxx.xxx.14.0/24’
set policy prefix-list IP-xxxxx rule 9 action ‘permit’
set policy prefix-list IP-xxxxx rule 9 prefix ‘xxx.xxx.15.0/24’
set policy prefix-list IP-xxxxx rule 10 action ‘permit’
set policy prefix-list IP-xxxxx rule 10 prefix ‘xxx.xxx.243.0/24’
set policy prefix-list IP-xxxxx rule 11 action ‘permit’
set policy prefix-list IP-xxxxx rule 11 prefix ‘xxx.xxx.244.0/24’
set policy prefix-list IP-xxxxx rule 12 action ‘permit’
set policy prefix-list IP-xxxxx rule 12 prefix ‘xxx.xxx.249.0/24’
set policy prefix-list IP-xxxxx rule 13 action ‘permit’
set policy prefix-list IP-xxxxx rule 13 prefix ‘xxx.xxx.250.0/24’
set policy prefix-list IP-xxxxx rule 14 action ‘permit’
set policy prefix-list IP-xxxxx rule 14 prefix ‘xxx.xxx.251.0/24’
set policy prefix-list IP-xxxxx rule 15 action ‘permit’
set policy prefix-list IP-xxxxx rule 15 prefix ‘xxx.xxx.252.0/24’
set policy prefix-list IP-xxxxx rule 16 action ‘permit’
set policy prefix-list IP-xxxxx rule 16 prefix ‘xxx.xxx.253.0/24’
set policy prefix-list IP-xxxxx rule 17 action ‘permit’
set policy prefix-list IP-xxxxx rule 17 prefix ‘xxx.xxx.254.0/24’
set policy prefix-list IP-xxxxx rule 18 action ‘permit’
set policy prefix-list IP-xxxxx rule 18 prefix ‘xxx.xxx.255.0/24’
set policy prefix-list IP-xxxxx rule 1 action ‘permit’
set policy prefix-list IP-xxxxx rule 1 prefix ‘xxx.xxx.27.0/24’
set policy prefix-list IP-xxxxx rule 2 action ‘permit’
set policy prefix-list IP-xxxxx rule 2 prefix ‘xxx.xxx.125.0/24’
set policy prefix-list IP-xxxxx rule 1 action ‘permit’
set policy prefix-list IP-xxxxx rule 1 prefix ‘xxx.xxx.240.0/24’
set policy prefix-list IP-xxxxx rule 2 action ‘permit’
set policy prefix-list IP-xxxxx rule 2 prefix ‘xxx.xxx.241.0/24’
set policy prefix-list IP-xxxxx rule 3 action ‘permit’
set policy prefix-list IP-xxxxx rule 3 prefix ‘xxx.xxx.243.0/24’
set policy prefix-list IP-xxxxx rule 4 action ‘permit’
set policy prefix-list IP-xxxxx rule 4 prefix ‘xxx.xxx.244.0/24’
set policy prefix-list IP-xxxxx rule 6 action ‘permit’
set policy prefix-list IP-xxxxx rule 6 prefix ‘xxx.xxx.249.0/24’
set policy prefix-list IP-xxxxx rule 7 action ‘permit’
set policy prefix-list IP-xxxxx rule 7 prefix ‘xxx.xxx.250.0/24’
set policy prefix-list IP-xxxxx rule 8 action ‘permit’
set policy prefix-list IP-xxxxx rule 8 prefix ‘xxx.xxx.251.0/24’
set policy prefix-list IP-xxxxx rule 9 action ‘permit’
set policy prefix-list IP-xxxxx rule 9 prefix ‘xxx.xxx.252.0/24’
set policy prefix-list IP-xxxxx rule 10 action ‘permit’
set policy prefix-list IP-xxxxx rule 10 prefix ‘xxx.xxx.253.0/24’
set policy prefix-list IP-xxxxx rule 11 action ‘permit’
set policy prefix-list IP-xxxxx rule 11 prefix ‘xxx.xxx.254.0/24’
set policy prefix-list IP-xxxxx rule 12 action ‘permit’
set policy prefix-list IP-xxxxx rule 12 prefix ‘xxx.xxx.255.0/24’
set policy prefix-list IP-xxxxx rule 13 action ‘permit’
set policy prefix-list IP-xxxxx rule 13 prefix ‘xxx.xxx.8.0/24’
set policy prefix-list IP-xxxxx rule 14 action ‘permit’
set policy prefix-list IP-xxxxx rule 14 prefix ‘xxx.xxx.10.0/24’
set policy prefix-list IP-xxxxx rule 15 action ‘permit’
set policy prefix-list IP-xxxxx rule 15 prefix ‘xxx.xxx.11.0/24’
set policy prefix-list IP-xxxxx rule 16 action ‘permit’
set policy prefix-list IP-xxxxx rule 16 prefix ‘xxx.xxx.12.0/24’
set policy prefix-list IP-xxxxx rule 17 action ‘permit’
set policy prefix-list IP-xxxxx rule 17 prefix ‘xxx.xxx.13.0/24’
set policy prefix-list IP-xxxxx rule 18 action ‘permit’
set policy prefix-list IP-xxxxx rule 18 prefix ‘xxx.xxx.14.0/24’
set policy prefix-list IP-xxxxx rule 19 action ‘permit’
set policy prefix-list IP-xxxxx rule 19 prefix ‘xxx.xxx.15.0/24’
set policy prefix-list IP-xxxxx-Cust rule 1 action ‘permit’
set policy prefix-list IP-xxxxx-Cust rule 1 prefix ‘xxx.xxx.125.0/24’
set policy prefix-list IP-xxxxx-Cust rule 2 action ‘permit’
set policy prefix-list IP-xxxxx-Cust rule 2 prefix ‘xxx.xxx.27.0/24’
set policy prefix-list IP-xxxxx rule 1 action ‘permit’
set policy prefix-list IP-xxxxx rule 1 prefix ‘xxx.xxx.13.0/24’
set policy prefix-list6 IPV6-xxxxx rule 1 action ‘permit’
set policy prefix-list6 IPV6-xxxxx rule 1 prefix ‘xxxx:xxxx::/48’
set policy prefix-list6 IPV6-xxxxx rule 2 action ‘permit’
set policy prefix-list6 IPV6-xxxxx rule 2 prefix ‘xxxx:xxxx:1::/48’
set policy prefix-list6 IPV6-xxxxx rule 3 action ‘permit’
set policy prefix-list6 IPV6-xxxxx rule 3 prefix ‘xxxx:xxxx:2::/48’
set policy prefix-list6 IPV6-xxxxx rule 4 action ‘permit’
set policy prefix-list6 IPV6-xxxxx rule 4 prefix ‘xxxx:xxxx:3::/48’
set policy prefix-list6 IPV6-xxxxx rule 1 action ‘permit’
set policy prefix-list6 IPV6-xxxxx rule 1 prefix ‘xxxx:xxxx::/48’
set policy prefix-list6 IPV6-xxxxx rule 2 action ‘permit’
set policy prefix-list6 IPV6-xxxxx rule 2 prefix ‘xxxx:xxxx:1::/48’
set policy prefix-list6 IPV6-xxxxx rule 3 action ‘permit’
set policy prefix-list6 IPV6-xxxxx rule 3 prefix ‘xxxx:xxxx:2::/48’
set policy prefix-list6 IPV6-xxxxx rule 4 action ‘permit’
set policy prefix-list6 IPV6-xxxxx rule 4 prefix ‘xxxx:xxxx:3::/48’
set policy prefix-list6 IPV6-xxxxx rule 1 action ‘permit’
set policy prefix-list6 IPV6-xxxxx rule 1 prefix ‘xxxx:xxxx::/48’
set policy prefix-list6 IPV6-xxxxx rule 2 action ‘permit’
set policy prefix-list6 IPV6-xxxxx rule 2 prefix ‘xxxx:xxxx:1::/48’
set policy prefix-list6 IPV6-xxxxx rule 3 action ‘permit’
set policy prefix-list6 IPV6-xxxxx rule 3 prefix ‘xxxx:xxxx:2::/48’
set policy prefix-list6 IPV6-xxxxx rule 4 action ‘permit’
set policy prefix-list6 IPV6-xxxxx rule 4 prefix ‘xxxx:xxxx:3::/48’
set policy route-map BGP-Bitbox-Out rule 1 action ‘permit’
set policy route-map BGP-Bitbox-Out rule 1 match as-path ‘as-path-allroute’
set policy route-map BGP-xxxxx-IN rule 1 action ‘permit’
set policy route-map BGP-xxxxx-IN rule 1 match as-path ‘Discard-xxxxx-IN’
set policy route-map BGP-xxxxx-IN rule 2 action ‘permit’
set policy route-map BGP-xxxxx-IN rule 2 match as-path ‘as-path-allroute’
set policy route-map BGP-xxxxx-OUT rule 1 action ‘permit’
set policy route-map BGP-xxxxx-OUT rule 1 match ip address prefix-list ‘IP-xxxxx’
set policy route-map BGP-xxxxx-OUT rule 1 set
set policy route-map BGP-xxxxx-OUT rule 2 action ‘permit’
set policy route-map BGP-xxxxx-OUT rule 2 match as-path ‘Regexp-BGP-Cust’
set policy route-map BGP-xxxxx-IPv6-OUT rule 1 action ‘permit’
set policy route-map BGP-xxxxx-IPv6-OUT rule 1 match ipv6 address prefix-list ‘IPV6-xxxxx’
set policy route-map BGP-xxxxx-IN rule 1 action ‘permit’
set policy route-map BGP-xxxxx-IN rule 1 match as-path ‘as-path-allroute’
set policy route-map BGP-xxxxx-OUT rule 1 action ‘permit’
set policy route-map BGP-xxxxx-OUT rule 1 match ip address prefix-list ‘IP-xxxxx’
set policy route-map BGP-xxxxx-OUT rule 2 action ‘permit’
set policy route-map BGP-xxxxx-OUT rule 2 match as-path ‘Regexp-BGP-Cust’
set policy route-map BGP-xxxxx-IPv6-OUT rule 1 action ‘permit’
set policy route-map BGP-xxxxx-IPv6-OUT rule 1 match ipv6 address prefix-list ‘IPV6-xxxxx’
set policy route-map BGP-xxxxx-IN rule 1 action ‘permit’
set policy route-map BGP-xxxxx-IN rule 1 match as-path ‘xxxxx-IN’
set policy route-map BGP-xxxxx-OUT rule 1 action ‘permit’
set policy route-map BGP-xxxxx-OUT rule 1 match ip address prefix-list ‘IP-xxxxx’
set policy route-map BGP-xxxxx-IN rule 1 action ‘permit’
set policy route-map BGP-xxxxx-IN rule 1 match as-path ‘xxxxx-IN’
set policy route-map BGP-xxxxx-OUT rule 10 action ‘permit’
set policy route-map BGP-xxxxx-OUT rule 10 match ip address prefix-list ‘IP-xxxxx’
set policy route-map BGP-xxxxx-OUT rule 20 action ‘permit’
set policy route-map BGP-xxxxx-OUT rule 20 match as-path ‘Regexp-BGP-Cust’
set policy route-map BGP-xxxxx-IPv6-OUT rule 1 action ‘permit’
set policy route-map BGP-xxxxx-IPv6-OUT rule 1 match ipv6 address prefix-list ‘IPV6-xxxxx’
set policy route-map BGP-xxx-In rule 1 action ‘permit’
set policy route-map BGP-xxx-In rule 1 set local-preference ‘400’
set policy route-map BGP-xxx-Out rule 1 action ‘permit’
set policy route-map BGP-xxx-Out rule 1 match ip address prefix-list ‘IP-xxxxx’
set policy route-map BGP-xxx-Out rule 2 action ‘permit’
set policy route-map BGP-xxx-Out rule 2 match as-path ‘Regexp-BGP-Cust’
set policy route-map BGP-xxx-xxxxx-IN rule 1 action ‘permit’
set policy route-map BGP-xxx-xxxxx-IN rule 1 match ip address prefix-list ‘IP-Default’
set policy route-map BGP-xxx-xxxxx-OUT rule 1 action ‘permit’
set policy route-map BGP-xxx-xxxxx-OUT rule 1 match ip address prefix-list ‘IP-xxxxx’
set policy route-map BGP-xxx-xxxxx-OUT rule 1 set as-path-prepend ‘38150’
set policy route-map BGP-xxx-xxxxx-OUT rule 2 action ‘permit’
set policy route-map BGP-xxx-xxxxx-OUT rule 2 match as-path ‘Regexp-BGP-Cust’
set policy route-map BGP-xxx-xxxxx-OUT rule 2 set as-path-prepend ‘38150 38150 38150’
set policy route-map Cust-xxxxx-In rule 1 action ‘permit’
set policy route-map Cust-xxxxx-In rule 1 match as-path ‘as-path-xxxxx’
set policy route-map Cust-xxxxx-In rule 1 set local-preference ‘2000’
set policy route-map Cust-xxxxx-Out rule 1 action ‘permit’
set policy route-map Cust-xxxxx-Out rule 1 match as-path ‘as-path-allroute’
set policy route-map Cust-xxxxx-In rule 1 action ‘permit’
set policy route-map Cust-xxxxx-In rule 1 match as-path ‘as-path-xxxxx’
set policy route-map Cust-xxxxx-In rule 1 set local-preference ‘500’
set policy route-map Cust-xxxxx-Out rule 1 action ‘permit’
set policy route-map Cust-xxxxx-Out rule 1 match as-path ‘as-path-allroute’
set protocols bgp XXXXXX address-family ipv4-unicast network xxx.xxx.249.0/24
set protocols bgp XXXXXX address-family ipv4-unicast network xxx.xxx.13.0/24
set protocols bgp XXXXXX neighbor xxx.xxx.127.129 address-family ipv4-unicast route-map export ‘BGP-xxxxx-OUT’
set protocols bgp XXXXXX neighbor xxx.xxx.127.129 address-family ipv4-unicast route-map import ‘BGP-xxxxx-IN’
set protocols bgp XXXXXX neighbor xxx.xxx.127.129 description ‘BGP-xxxxx’
set protocols bgp XXXXXX neighbor xxx.xxx.127.129 remote-as ‘7597’
set protocols bgp XXXXXX neighbor xxx.xxx.127.253 address-family ipv4-unicast route-map export ‘BGP-xxxxx-OUT’
set protocols bgp XXXXXX neighbor xxx.xxx.127.253 address-family ipv4-unicast route-map import ‘BGP-xxxxx-IN’
set protocols bgp XXXXXX neighbor xxx.xxx.127.253 description ‘BGP-xxxxx-RS’
set protocols bgp XXXXXX neighbor xxx.xxx.127.253 remote-as ‘7597’
set protocols bgp XXXXXX neighbor xxx.xxx.99.17 address-family ipv4-unicast route-map export ‘BGP-xxxxx-OUT’
set protocols bgp XXXXXX neighbor xxx.xxx.99.17 address-family ipv4-unicast route-map import ‘BGP-xxxxx-IN’
set protocols bgp XXXXXX neighbor xxx.xxx.99.17 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.99.17 remote-as ‘4761’
set protocols bgp XXXXXX neighbor xxx.xxx.38.1 address-family ipv4-unicast route-map export ‘BGP-xxxxx-OUT’
set protocols bgp XXXXXX neighbor xxx.xxx.38.1 address-family ipv4-unicast route-map import ‘BGP-xxxxx-IN’
set protocols bgp XXXXXX neighbor xxx.xxx.38.1 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.38.1 remote-as ‘17922’
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 address-family ipv4-unicast nexthop-self
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 address-family ipv4-unicast route-map export ‘BGP-xxxxx-OUT’
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 address-family ipv4-unicast route-map import ‘BGP-xxxxx-IN’
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 address-family ipv4-unicast route-reflector-client
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 remote-as ‘38150’
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 update-source ‘xxx.xxx.242.3’
set protocols bgp XXXXXX neighbor xxx.xxx.249.2 address-family ipv4-unicast route-map export ‘Cust-xxxxx-Out’
set protocols bgp XXXXXX neighbor xxx.xxx.249.2 address-family ipv4-unicast route-map import ‘Cust-xxxxx-In’
set protocols bgp XXXXXX neighbor xxx.xxx.249.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.249.2 description ‘Cust-xxxxx’
set protocols bgp XXXXXX neighbor xxx.xxx.249.2 remote-as ‘136079’
set protocols bgp XXXXXX neighbor xxx.xxx.249.6 address-family ipv4-unicast route-map export ‘Cust-xxxxx-Out’
set protocols bgp XXXXXX neighbor xxx.xxx.249.6 address-family ipv4-unicast route-map import ‘Cust-xxxxx-In’
set protocols bgp XXXXXX neighbor xxx.xxx.249.6 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.249.6 description ‘Cust-xxxxx’
set protocols bgp XXXXXX neighbor xxx.xxx.249.6 remote-as ‘141675’
set protocols bgp XXXXXX neighbor xxx.xxx.249.14 address-family ipv4-unicast nexthop-self
set protocols bgp XXXXXX neighbor xxx.xxx.249.14 address-family ipv4-unicast route-map export ‘BGP-xxx-xxxxx-OUT’
set protocols bgp XXXXXX neighbor xxx.xxx.249.14 address-family ipv4-unicast route-reflector-client
set protocols bgp XXXXXX neighbor xxx.xxx.249.14 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.249.14 description ‘BGP-xxx-TELKOM’
set protocols bgp XXXXXX neighbor xxx.xxx.249.14 remote-as ‘38150’
set protocols bgp XXXXXX neighbor xxx.xxx.249.17 address-family ipv4-unicast nexthop-self
set protocols bgp XXXXXX neighbor xxx.xxx.249.17 address-family ipv4-unicast route-map export ‘BGP-xxx-Out’
set protocols bgp XXXXXX neighbor xxx.xxx.249.17 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.249.17 description ‘BGP-xxx-AS38150’
set protocols bgp XXXXXX neighbor xxx.xxx.249.17 remote-as ‘38150’
set protocols bgp XXXXXX neighbor xxx.xxx.249.17 shutdown
set protocols bgp XXXXXX neighbor xxx.xxx.249.22 address-family ipv4-unicast nexthop-self
set protocols bgp XXXXXX neighbor xxx.xxx.249.22 address-family ipv4-unicast route-map export ‘BGP-Bitbox-Out’
set protocols bgp XXXXXX neighbor xxx.xxx.249.22 address-family ipv4-unicast route-reflector-client
set protocols bgp XXXXXX neighbor xxx.xxx.249.22 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.249.22 remote-as ‘38150’
set protocols bgp XXXXXX neighbor xxxx:xxxx:0:5::2 address-family ipv6-unicast nexthop-self
set protocols bgp XXXXXX neighbor xxxx:xxxx:0:5::2 address-family ipv6-unicast route-reflector-client
set protocols bgp XXXXXX neighbor xxxx:xxxx:0:5::2 description ‘BGP-IPv6-xxx-JOG’
set protocols bgp XXXXXX neighbor xxxx:xxxx:0:5::2 remote-as ‘38150’
set protocols bgp XXXXXX neighbor xxxx:xxxx:a:2::1 address-family ipv6-unicast nexthop-self
set protocols bgp XXXXXX neighbor xxxx:xxxx:a:2::1 address-family ipv6-unicast route-map export ‘BGP-xxxxx-IPv6-OUT’
set protocols bgp XXXXXX neighbor xxxx:xxxx:a:2::1 address-family ipv6-unicast route-reflector-client
set protocols bgp XXXXXX neighbor xxxx:xxxx:a:2::1 description ‘BGP-IPV6-xxxxx’
set protocols bgp XXXXXX neighbor xxxx:xxxx:a:2::1 remote-as ‘38150’
set protocols bgp XXXXXX neighbor xxxx:xxxx:1000:8:0:1:7922:1 address-family ipv6-unicast route-map export ‘BGP-xxxxx-IPv6-OUT’
set protocols bgp XXXXXX neighbor xxxx:xxxx:1000:8:0:1:7922:1 description ‘xxxxx-IPv6’
set protocols bgp XXXXXX neighbor xxxx:xxxx:1000:8:0:1:7922:1 remote-as ‘17922’
set protocols bgp XXXXXX neighbor xxxx:xxxx:1001:1::51 address-family ipv6-unicast route-map export ‘BGP-xxxxx-IPv6-OUT’
set protocols bgp XXXXXX neighbor xxxx:xxxx:1001:1::51 description ‘xxxxx-IPV6’
set protocols bgp XXXXXX neighbor xxxx:xxxx:1001:1::51 remote-as ‘4761’
set protocols bgp XXXXXX parameters bestpath as-path multipath-relax
set protocols ospf area 0 network ‘xxx.xxx.249.20/30’
set protocols ospf area 0 network ‘xxx.xxx.249.16/30’
set protocols ospf area 0 network ‘xxx.xxx.242.3/32’
set protocols ospf area 0 network ‘xxx.xxx.242.40/30’
set protocols ospf area 0 network ‘xxx.xxx.249.12/30’
set protocols ospf log-adjacency-changes
set protocols ospf parameters abr-type ‘cisco’
set protocols ospf parameters router-id ‘xxx.xxx.249.21’
set protocols ospf passive-interface ‘eth2’
set protocols ospf passive-interface ‘eth2.400’
set protocols ospf passive-interface ‘eth2.401’
set protocols ospf passive-interface ‘eth3’
set protocols ospf passive-interface ‘eth1’
set protocols ospfv3 area 0 interface ‘eth2.150’
set protocols ospfv3 area 0 interface ‘eth3.404’
set protocols ospfv3 parameters router-id ‘xxx.xxx.249.21’
set protocols static route xxx.xxx.249.0/24 blackhole distance ‘254’
set protocols static route xxx.xxx.13.0/24 blackhole distance ‘254’
set system config-management commit-revisions ‘100’
set system console device ttyS0 speed ‘115200’
set system sysctl custom net.core.rmem_max value ‘446464’
set system sysctl custom net.core.wmem_max value ‘425984’
set system sysctl custom net.ipv4.icmp_ratelimit value ‘1000’
set system sysctl custom net.ipv4.icmp_ratemask value ‘4120’
set system sysctl custom net.ipv6.route.max_size value ‘655360’
set system syslog global facility all level ‘info’
set system syslog global facility protocols level ‘debug’

Apachez · September 11, 2023, 5:42am

Generally things to test out when it comes to optimizations, preferly test them one at a time:

set firewall global-options all-ping 'enable'
set firewall global-options broadcast-ping 'disable'
set firewall global-options ip-src-route 'disable'
set firewall global-options ipv6-receive-redirects 'disable'
set firewall global-options ipv6-src-route 'disable'
set firewall global-options log-martians 'enable'
set firewall global-options receive-redirects 'disable'
set firewall global-options resolver-cache
set firewall global-options resolver-interval '60'
set firewall global-options send-redirects 'disable'
set firewall global-options source-validation 'strict'
set firewall global-options syn-cookies 'enable'
set firewall global-options twa-hazards-protection 'disable'

set interfaces ethernet ethX offload gro
set interfaces ethernet ethX offload gso
set interfaces ethernet ethX offload lro
set interfaces ethernet ethX offload rfs
set interfaces ethernet ethX offload rps
set interfaces ethernet ethX offload sg
set interfaces ethernet ethX offload tso
set interfaces ethernet ethX ring-buffer rx '4096'
set interfaces ethernet ethX ring-buffer tx '4096'

set system conntrack expect-table-size '10485760'
set system conntrack hash-size '10485760'
set system conntrack log icmp new
set system conntrack log other new
set system conntrack log tcp new
set system conntrack log udp new
set system conntrack table-size '10485760'
set system conntrack timeout icmp '10'
set system conntrack timeout other '600'
set system conntrack timeout tcp close '10'
set system conntrack timeout tcp close-wait '30'
set system conntrack timeout tcp established '600'
set system conntrack timeout tcp fin-wait '30'
set system conntrack timeout tcp last-ack '30'
set system conntrack timeout tcp syn-recv '30'
set system conntrack timeout tcp syn-sent '30'
set system conntrack timeout tcp time-wait '30'
set system conntrack timeout udp other '600'
set system conntrack timeout udp stream '600'

set system ip arp table-size '32768'
set system ip disable-directed-broadcast
set system ip multipath layer4-hashing

set system ipv6 multipath layer4-hashing
set system ipv6 neighbor table-size '32768'

set system option performance 'throughput'

set system sysctl parameter vm.swappiness value '1'
set system sysctl parameter vm.vfs_cache_pressure value '50'

For your particular case I would mainly focus on the conntrack options above.

The default conntrack size isnt good in the linux kernel (when used as a router/firewall) along with default tcp/udp timers (who the f**k among the kernel developers thought that 2 weeks established time is sane as default - that is 2 weeks between 2 packets for a single session?).

Also the various conntrack tables sizes will depend on how much RAM you can spare in your box to do the actual routing/firewalling. I have found numbers claiming roughly 350 bytes/entry (incl everything) so a full 10M table would at peak utilize just below 3.4GB RAM.

The above timers are somewhat aggressive, in my design I extend particular flows to max 4 hours when needed (14400 seconds).

Another optimization not mentioned above (since that is more custom) is to utilize “ignore” when you setup firewall/nat-rules. Ignore is “NOTRACK” in nftables lingo meaning that particular flow wont occupy space in the various conntrack tables.

Also note that examples above is from 1.4-rolling (nowadays 1.5-rolling) so some commands might be missing in 1.3.x.

tantomo · September 11, 2023, 6:17am

Thank you @Apachez for the advice.
How about disable the conntrackd.service? is it fine? i don’t wanna use the conntrack

Apachez · September 11, 2023, 6:22am

Yeah that should work aswell. However conntrack will still be used for input/output (services on the VyOS itself) iI recall it correctly so altering the timeouts is something I would do anyway.

Note however that disable conntrack didnt work properly and was just recently fixed.

tantomo · September 12, 2023, 9:38am

Unfortunately, i’m still got ntpd[8391]: routing socket reports: No buffer space available log from my vyos router with this optimizations.
What exactly that log? Does it affect on Vyos performance?
Why it came from ntpd?

Apachez · September 12, 2023, 10:00am

Whats the output of “free” when this happens and “conntrack -L | wc -l” ?

Also can you paste how your config looks like after optimizations?

That is output of “show config commands | strip-private”.

tantomo · September 13, 2023, 2:05am

the output of “free”

              total        used        free      shared  buff/cache   available
Mem:       16363712     3714888    12109068       85904      539756    12231760
Swap:             0           0           0

$ conntrack -L | wc -l
conntrack v1.4.6 (conntrack-tools): 0 flow entries have been shown.
0

tantomo · September 13, 2023, 2:09am

And this my config after optimizations,

set firewall all-ping 'enable'
set firewall broadcast-ping 'disable'
set firewall config-trap 'disable'
set firewall group address-group IP-SSH address 'xxx.xxx.8.13'
set firewall group address-group IP-SSH address 'xxx.xxx.240.254'
set firewall group address-group IP-SSH address 'xxx.xxx.11.14'
set firewall group address-group IP-SSH address 'xxx.xxx.11.30'
set firewall ipv6-receive-redirects 'disable'
set firewall ipv6-src-route 'disable'
set firewall ip-src-route 'disable'
set firewall log-martians 'enable'
set firewall name SSH-Access default-action 'drop'
set firewall name SSH-Access rule 1 action 'accept'
set firewall name SSH-Access rule 1 destination port '9999'
set firewall name SSH-Access rule 1 protocol 'tcp'
set firewall name SSH-Access rule 1 source group address-group 'IP-SSH'
set firewall name SSH-Access rule 2 action 'accept'
set firewall name SSH-Access rule 2 protocol 'ospf'
set firewall name SSH-Access rule 3 action 'accept'
set firewall name SSH-Access rule 3 protocol 'icmp'
set firewall name SSH-Access rule 4 action 'accept'
set firewall name SSH-Access rule 4 destination port '161'
set firewall name SSH-Access rule 4 protocol 'udp'
set firewall receive-redirects 'disable'
set firewall send-redirects 'disable'
set firewall source-validation 'disable'
set firewall syn-cookies 'enable'
set firewall twa-hazards-protection 'disable'
set interfaces ethernet eth0 address 'xxx.xxx.13.5/30'
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:78'
set interfaces ethernet eth1 address 'xxx.xxx.249.18/30'
set interfaces ethernet eth1 description 'Remote Vyos'
set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:79'
set interfaces ethernet eth2 description 'xxxxxx'
set interfaces ethernet eth2 disable-flow-control
set interfaces ethernet eth2 hw-id 'xx:xx:xx:xx:xx:71'
set interfaces ethernet eth2 ip disable-forwarding
set interfaces ethernet eth2 ip disable-arp-filter
set interfaces ethernet eth2 offload gro
set interfaces ethernet eth2 offload lro
set interfaces ethernet eth2 offload sg
set interfaces ethernet eth2 offload tso
set interfaces ethernet eth2 ring-buffer rx '4096'
set interfaces ethernet eth2 ring-buffer tx '4096'
set interfaces ethernet eth2 vif 150 address 'xxx.xxx.242.42/30'
set interfaces ethernet eth2 vif 150 address 'xxxx:xxxx:a:2::2/126'
set interfaces ethernet eth2 vif 150 description 'PTP-xxxxxx'
set interfaces ethernet eth2 vif 171 address 'xxx.xxx.249.13/30'
set interfaces ethernet eth2 vif 171 description 'xxxxxx'
set interfaces ethernet eth2 vif 269 address 'xxx.xxx.127.136/25'
set interfaces ethernet eth2 vif 269 description 'xxxxxx'
set interfaces ethernet eth2 vif 400 address 'xxx.xxx.99.18/30'
set interfaces ethernet eth2 vif 400 address 'xxxx:xxxx:1001:1::52/126'
set interfaces ethernet eth2 vif 400 description 'xxxxxx'
set interfaces ethernet eth2 vif 401 address 'xxx.xxx.39.164/23'
set interfaces ethernet eth2 vif 401 address 'xxxx:xxxx:1000:8:0:1:3815:101/64'
set interfaces ethernet eth2 vif 401 description 'xxxxxx'
set interfaces ethernet eth3 description 'to Internal Cust'
set interfaces ethernet eth3 disable-flow-control
set interfaces ethernet eth3 hw-id 'xx:xx:xx:xx:xx:70'
set interfaces ethernet eth3 ip disable-forwarding
set interfaces ethernet eth3 ip disable-arp-filter
set interfaces ethernet eth3 offload gro
set interfaces ethernet eth3 offload lro
set interfaces ethernet eth3 offload sg
set interfaces ethernet eth3 offload tso
set interfaces ethernet eth3 ring-buffer rx '4096'
set interfaces ethernet eth3 ring-buffer tx '4096'
set interfaces ethernet eth3 vif 402 address 'xxx.xxx.249.1/30'
set interfaces ethernet eth3 vif 402 address 'xxx.xxx.13.1/30'
set interfaces ethernet eth3 vif 402 description 'xxxxxx'
set interfaces ethernet eth3 vif 402 disable-link-detect
set interfaces ethernet eth3 vif 403 address 'xxx.xxx.249.5/30'
set interfaces ethernet eth3 vif 403 description 'xxxxxx'
set interfaces ethernet eth3 vif 404 address 'xxx.xxx.249.21/30'
set interfaces ethernet eth3 vif 404 address 'xxxx:xxxx:0:5::1/126'
set interfaces ethernet eth3 vif 404 address 'xxx.xxx.211.1/29'
set interfaces ethernet eth3 vif 404 description 'PTP-xxxxx'
set interfaces loopback lo address 'xxx.xxx.242.3/32'
set policy as-path-list Discard-xxxxx-IN rule 10 action 'deny'
----
set policy as-path-list as-path-allroute rule 10 regex '.*'
set policy prefix-list IP-xxxxx rule 1 action 'permit'
set policy prefix-list IP-xxxxx rule 1 prefix 'xxx.xxx.100.0/24'
set policy prefix-list IP-xxxxx rule 2 action 'permit'
set policy prefix-list IP-xxxxx rule 2 prefix 'xxx.xxx.101.0/24'
set policy prefix-list IP-xxxxx rule 3 action 'permit'
set policy prefix-list IP-xxxxx rule 3 prefix 'xxx.xxx.9.0/24'
set policy prefix-list IP-Default rule 10 action 'permit'
set policy prefix-list IP-Default rule 10 prefix 'xxx.xxx.0.0/0'
set policy prefix-list IP-xxxxx rule 1 action 'permit'
set policy prefix-list IP-xxxxx rule 1 prefix 'xxx.xxx.240.0/24'
set policy prefix-list IP-xxxxx rule 2 action 'permit'
set policy prefix-list IP-xxxxx rule 2 prefix 'xxx.xxx.241.0/24'
set policy prefix-list IP-xxxxx rule 3 action 'permit'
set policy prefix-list IP-xxxxx rule 3 prefix 'xxx.xxx.243.0/24'
set policy prefix-list IP-xxxxx rule 4 action 'permit'
set policy prefix-list IP-xxxxx rule 4 prefix 'xxx.xxx.244.0/24'
set policy prefix-list IP-xxxxx rule 5 action 'deny'
set policy prefix-list IP-xxxxx rule 5 prefix 'xxx.xxx.245.0/24'
set policy prefix-list IP-xxxxx rule 6 action 'permit'
set policy prefix-list IP-xxxxx rule 6 prefix 'xxx.xxx.249.0/24'
set policy prefix-list IP-xxxxx rule 7 action 'permit'
set policy prefix-list IP-xxxxx rule 7 prefix 'xxx.xxx.250.0/24'
set policy prefix-list IP-xxxxx rule 8 action 'permit'
set policy prefix-list IP-xxxxx rule 8 prefix 'xxx.xxx.251.0/24'
set policy prefix-list IP-xxxxx rule 9 action 'permit'
set policy prefix-list IP-xxxxx rule 9 prefix 'xxx.xxx.252.0/24'
set policy prefix-list IP-xxxxx rule 10 action 'permit'
set policy prefix-list IP-xxxxx rule 10 prefix 'xxx.xxx.253.0/24'
set policy prefix-list IP-xxxxx rule 11 action 'permit'
set policy prefix-list IP-xxxxx rule 11 prefix 'xxx.xxx.254.0/24'
set policy prefix-list IP-xxxxx rule 12 action 'permit'
set policy prefix-list IP-xxxxx rule 12 prefix 'xxx.xxx.255.0/24'
set policy prefix-list IP-xxxxx rule 14 action 'deny'
set policy prefix-list IP-xxxxx rule 14 prefix 'xxx.xxx.9.0/24'
set policy prefix-list IP-xxxxx rule 15 action 'permit'
set policy prefix-list IP-xxxxx rule 15 le '24'
set policy prefix-list IP-xxxxx rule 15 prefix 'xxx.xxx.8.0/21'
set policy prefix-list IP-xxxxx rule 16 action 'deny'
set policy prefix-list IP-xxxxx rule 16 prefix 'xxx.xxx.246.0/24'
set policy prefix-list IP-xxxxx rule 17 action 'deny'
set policy prefix-list IP-xxxxx rule 17 prefix 'xxx.xxx.247.0/24'
set policy prefix-list IP-xxxxx rule 18 action 'deny'
set policy prefix-list IP-xxxxx rule 18 prefix 'xxx.xxx.248.0/24'
set policy prefix-list IP-xxxxx rule 1 action 'permit'
set policy prefix-list IP-xxxxx rule 1 prefix 'xxx.xxx.240.0/24'
set policy prefix-list IP-xxxxx rule 2 action 'permit'
set policy prefix-list IP-xxxxx rule 2 prefix 'xxx.xxx.241.0/24'
set policy prefix-list IP-xxxxx rule 3 action 'permit'
set policy prefix-list IP-xxxxx rule 3 prefix 'xxx.xxx.243.0/24'
set policy prefix-list IP-xxxxx rule 4 action 'permit'
set policy prefix-list IP-xxxxx rule 4 prefix 'xxx.xxx.244.0/24'
set policy prefix-list IP-xxxxx rule 5 action 'deny'
set policy prefix-list IP-xxxxx rule 5 prefix 'xxx.xxx.245.0/24'
set policy prefix-list IP-xxxxx rule 6 action 'permit'
set policy prefix-list IP-xxxxx rule 6 prefix 'xxx.xxx.249.0/24'
set policy prefix-list IP-xxxxx rule 7 action 'permit'
set policy prefix-list IP-xxxxx rule 7 prefix 'xxx.xxx.250.0/24'
set policy prefix-list IP-xxxxx rule 8 action 'permit'
set policy prefix-list IP-xxxxx rule 8 prefix 'xxx.xxx.251.0/24'
set policy prefix-list IP-xxxxx rule 9 action 'permit'
set policy prefix-list IP-xxxxx rule 9 prefix 'xxx.xxx.252.0/24'
set policy prefix-list IP-xxxxx rule 10 action 'permit'
set policy prefix-list IP-xxxxx rule 10 prefix 'xxx.xxx.253.0/24'
set policy prefix-list IP-xxxxx rule 11 action 'permit'
set policy prefix-list IP-xxxxx rule 11 prefix 'xxx.xxx.254.0/24'
set policy prefix-list IP-xxxxx rule 12 action 'permit'
set policy prefix-list IP-xxxxx rule 12 prefix 'xxx.xxx.255.0/24'
set policy prefix-list IP-xxxxx rule 14 action 'deny'
set policy prefix-list IP-xxxxx rule 14 prefix 'xxx.xxx.9.0/24'
set policy prefix-list IP-xxxxx rule 15 action 'permit'
set policy prefix-list IP-xxxxx rule 15 le '24'
set policy prefix-list IP-xxxxx rule 15 prefix 'xxx.xxx.8.0/21'
set policy prefix-list IP-xxxxx rule 16 action 'deny'
set policy prefix-list IP-xxxxx rule 16 prefix 'xxx.xxx.246.0/24'
set policy prefix-list IP-xxxxx rule 17 action 'deny'
set policy prefix-list IP-xxxxx rule 17 prefix 'xxx.xxx.247.0/24'
set policy prefix-list IP-xxxxx rule 18 action 'deny'
set policy prefix-list IP-xxxxx rule 18 prefix 'xxx.xxx.248.0/24'
set policy prefix-list IP-xxxxx rule 1 action 'permit'
set policy prefix-list IP-xxxxx rule 1 prefix 'xxx.xxx.240.0/24'
set policy prefix-list IP-xxxxx rule 2 action 'permit'
set policy prefix-list IP-xxxxx rule 2 prefix 'xxx.xxx.241.0/24'
set policy prefix-list IP-xxxxx rule 3 action 'permit'
set policy prefix-list IP-xxxxx rule 3 prefix 'xxx.xxx.243.0/24'
set policy prefix-list IP-xxxxx rule 4 action 'permit'
set policy prefix-list IP-xxxxx rule 4 prefix 'xxx.xxx.244.0/24'
set policy prefix-list IP-xxxxx rule 5 action 'permit'
set policy prefix-list IP-xxxxx rule 5 prefix 'xxx.xxx.245.0/24'
set policy prefix-list IP-xxxxx rule 6 action 'permit'
set policy prefix-list IP-xxxxx rule 6 prefix 'xxx.xxx.249.0/24'
set policy prefix-list IP-xxxxx rule 7 action 'permit'
set policy prefix-list IP-xxxxx rule 7 prefix 'xxx.xxx.250.0/24'
set policy prefix-list IP-xxxxx rule 8 action 'permit'
set policy prefix-list IP-xxxxx rule 8 prefix 'xxx.xxx.251.0/24'
set policy prefix-list IP-xxxxx rule 9 action 'permit'
set policy prefix-list IP-xxxxx rule 9 prefix 'xxx.xxx.252.0/24'
set policy prefix-list IP-xxxxx rule 10 action 'permit'
set policy prefix-list IP-xxxxx rule 10 prefix 'xxx.xxx.253.0/24'
set policy prefix-list IP-xxxxx rule 11 action 'permit'
set policy prefix-list IP-xxxxx rule 11 prefix 'xxx.xxx.254.0/24'
set policy prefix-list IP-xxxxx rule 12 action 'permit'
set policy prefix-list IP-xxxxx rule 12 prefix 'xxx.xxx.255.0/24'
set policy prefix-list IP-xxxxx rule 13 action 'permit'
set policy prefix-list IP-xxxxx rule 13 prefix 'xxx.xxx.8.0/24'
set policy prefix-list IP-xxxxx rule 14 action 'permit'
set policy prefix-list IP-xxxxx rule 14 prefix 'xxx.xxx.10.0/24'
set policy prefix-list IP-xxxxx rule 15 action 'permit'
set policy prefix-list IP-xxxxx rule 15 prefix 'xxx.xxx.11.0/24'
set policy prefix-list IP-xxxxx rule 16 action 'permit'
set policy prefix-list IP-xxxxx rule 16 prefix 'xxx.xxx.12.0/24'
set policy prefix-list IP-xxxxx rule 17 action 'permit'
set policy prefix-list IP-xxxxx rule 17 prefix 'xxx.xxx.13.0/24'
set policy prefix-list IP-xxxxx rule 18 action 'permit'
set policy prefix-list IP-xxxxx rule 18 prefix 'xxx.xxx.14.0/24'
set policy prefix-list IP-xxxxx rule 19 action 'permit'
set policy prefix-list IP-xxxxx rule 19 prefix 'xxx.xxx.15.0/24'
set policy prefix-list IP-xxxxx rule 1 action 'permit'
set policy prefix-list IP-xxxxx rule 1 prefix 'xxx.xxx.240.0/24'
set policy prefix-list IP-xxxxx rule 2 action 'permit'
set policy prefix-list IP-xxxxx rule 2 prefix 'xxx.xxx.241.0/24'
set policy prefix-list IP-xxxxx rule 3 action 'permit'
set policy prefix-list IP-xxxxx rule 3 prefix 'xxx.xxx.8.0/24'
set policy prefix-list IP-xxxxx rule 4 action 'permit'
set policy prefix-list IP-xxxxx rule 4 prefix 'xxx.xxx.10.0/24'
set policy prefix-list IP-xxxxx rule 5 action 'permit'
set policy prefix-list IP-xxxxx rule 5 prefix 'xxx.xxx.11.0/24'
set policy prefix-list IP-xxxxx rule 6 action 'permit'
set policy prefix-list IP-xxxxx rule 6 prefix 'xxx.xxx.12.0/24'
set policy prefix-list IP-xxxxx rule 7 action 'permit'
set policy prefix-list IP-xxxxx rule 7 prefix 'xxx.xxx.13.0/24'
set policy prefix-list IP-xxxxx rule 8 action 'permit'
set policy prefix-list IP-xxxxx rule 8 prefix 'xxx.xxx.14.0/24'
set policy prefix-list IP-xxxxx rule 9 action 'permit'
set policy prefix-list IP-xxxxx rule 9 prefix 'xxx.xxx.15.0/24'
set policy prefix-list IP-xxxxx rule 10 action 'permit'
set policy prefix-list IP-xxxxx rule 10 prefix 'xxx.xxx.243.0/24'
set policy prefix-list IP-xxxxx rule 11 action 'permit'
set policy prefix-list IP-xxxxx rule 11 prefix 'xxx.xxx.244.0/24'
set policy prefix-list IP-xxxxx rule 12 action 'permit'
set policy prefix-list IP-xxxxx rule 12 prefix 'xxx.xxx.249.0/24'
set policy prefix-list IP-xxxxx rule 13 action 'permit'
set policy prefix-list IP-xxxxx rule 13 prefix 'xxx.xxx.250.0/24'
set policy prefix-list IP-xxxxx rule 14 action 'permit'
set policy prefix-list IP-xxxxx rule 14 prefix 'xxx.xxx.251.0/24'
set policy prefix-list IP-xxxxx rule 15 action 'permit'
set policy prefix-list IP-xxxxx rule 15 prefix 'xxx.xxx.252.0/24'
set policy prefix-list IP-xxxxx rule 16 action 'permit'
set policy prefix-list IP-xxxxx rule 16 prefix 'xxx.xxx.253.0/24'
set policy prefix-list IP-xxxxx rule 17 action 'permit'
set policy prefix-list IP-xxxxx rule 17 prefix 'xxx.xxx.254.0/24'
set policy prefix-list IP-xxxxx rule 18 action 'permit'
set policy prefix-list IP-xxxxx rule 18 prefix 'xxx.xxx.255.0/24'
set policy prefix-list IP-xxxxx rule 1 action 'permit'
set policy prefix-list IP-xxxxx rule 1 prefix 'xxx.xxx.27.0/24'
set policy prefix-list IP-xxxxx rule 2 action 'permit'
set policy prefix-list IP-xxxxx rule 2 prefix 'xxx.xxx.125.0/24'
set policy prefix-list IP-xxxxx rule 1 action 'permit'
set policy prefix-list IP-xxxxx rule 1 prefix 'xxx.xxx.240.0/24'
set policy prefix-list IP-xxxxx rule 2 action 'permit'
set policy prefix-list IP-xxxxx rule 2 prefix 'xxx.xxx.241.0/24'
set policy prefix-list IP-xxxxx rule 3 action 'permit'
set policy prefix-list IP-xxxxx rule 3 prefix 'xxx.xxx.243.0/24'
set policy prefix-list IP-xxxxx rule 4 action 'permit'
set policy prefix-list IP-xxxxx rule 4 prefix 'xxx.xxx.244.0/24'
set policy prefix-list IP-xxxxx rule 6 action 'permit'
set policy prefix-list IP-xxxxx rule 6 prefix 'xxx.xxx.249.0/24'
set policy prefix-list IP-xxxxx rule 7 action 'permit'
set policy prefix-list IP-xxxxx rule 7 prefix 'xxx.xxx.250.0/24'
set policy prefix-list IP-xxxxx rule 8 action 'permit'
set policy prefix-list IP-xxxxx rule 8 prefix 'xxx.xxx.251.0/24'
set policy prefix-list IP-xxxxx rule 9 action 'permit'
set policy prefix-list IP-xxxxx rule 9 prefix 'xxx.xxx.252.0/24'
set policy prefix-list IP-xxxxx rule 10 action 'permit'
set policy prefix-list IP-xxxxx rule 10 prefix 'xxx.xxx.253.0/24'
set policy prefix-list IP-xxxxx rule 11 action 'permit'
set policy prefix-list IP-xxxxx rule 11 prefix 'xxx.xxx.254.0/24'
set policy prefix-list IP-xxxxx rule 12 action 'permit'
set policy prefix-list IP-xxxxx rule 12 prefix 'xxx.xxx.255.0/24'
set policy prefix-list IP-xxxxx rule 13 action 'permit'
set policy prefix-list IP-xxxxx rule 13 prefix 'xxx.xxx.8.0/24'
set policy prefix-list IP-xxxxx rule 14 action 'permit'
set policy prefix-list IP-xxxxx rule 14 prefix 'xxx.xxx.10.0/24'
set policy prefix-list IP-xxxxx rule 15 action 'permit'
set policy prefix-list IP-xxxxx rule 15 prefix 'xxx.xxx.11.0/24'
set policy prefix-list IP-xxxxx rule 16 action 'permit'
set policy prefix-list IP-xxxxx rule 16 prefix 'xxx.xxx.12.0/24'
set policy prefix-list IP-xxxxx rule 17 action 'permit'
set policy prefix-list IP-xxxxx rule 17 prefix 'xxx.xxx.13.0/24'
set policy prefix-list IP-xxxxx rule 18 action 'permit'
set policy prefix-list IP-xxxxx rule 18 prefix 'xxx.xxx.14.0/24'
set policy prefix-list IP-xxxxx rule 19 action 'permit'
set policy prefix-list IP-xxxxx rule 19 prefix 'xxx.xxx.15.0/24'
set policy prefix-list IP-xxxxx-Cust rule 1 action 'permit'
set policy prefix-list IP-xxxxx-Cust rule 1 prefix 'xxx.xxx.125.0/24'
set policy prefix-list IP-xxxxx-Cust rule 2 action 'permit'
set policy prefix-list IP-xxxxx-Cust rule 2 prefix 'xxx.xxx.27.0/24'
set policy prefix-list IP-xxxxx-Vyos rule 1 action 'permit'
set policy prefix-list IP-xxxxx-Vyos rule 1 prefix 'xxx.xxx.13.0/24'
set policy prefix-list6 IPV6-xxxxx rule 1 action 'permit'
set policy prefix-list6 IPV6-xxxxx rule 1 prefix 'xxxx:xxxx::/48'
set policy prefix-list6 IPV6-xxxxx rule 2 action 'permit'
set policy prefix-list6 IPV6-xxxxx rule 2 prefix 'xxxx:xxxx:1::/48'
set policy prefix-list6 IPV6-xxxxx rule 3 action 'permit'
set policy prefix-list6 IPV6-xxxxx rule 3 prefix 'xxxx:xxxx:2::/48'
set policy prefix-list6 IPV6-xxxxx rule 4 action 'permit'
set policy prefix-list6 IPV6-xxxxx rule 4 prefix 'xxxx:xxxx:3::/48'
set policy prefix-list6 IPV6-xxxxx rule 1 action 'permit'
set policy prefix-list6 IPV6-xxxxx rule 1 prefix 'xxxx:xxxx::/48'
set policy prefix-list6 IPV6-xxxxx rule 2 action 'permit'
set policy prefix-list6 IPV6-xxxxx rule 2 prefix 'xxxx:xxxx:1::/48'
set policy prefix-list6 IPV6-xxxxx rule 3 action 'permit'
set policy prefix-list6 IPV6-xxxxx rule 3 prefix 'xxxx:xxxx:2::/48'
set policy prefix-list6 IPV6-xxxxx rule 4 action 'permit'
set policy prefix-list6 IPV6-xxxxx rule 4 prefix 'xxxx:xxxx:3::/48'
set policy prefix-list6 IPV6-xxxxx rule 1 action 'permit'
set policy prefix-list6 IPV6-xxxxx rule 1 prefix 'xxxx:xxxx::/48'
set policy prefix-list6 IPV6-xxxxx rule 2 action 'permit'
set policy prefix-list6 IPV6-xxxxx rule 2 prefix 'xxxx:xxxx:1::/48'
set policy prefix-list6 IPV6-xxxxx rule 3 action 'permit'
set policy prefix-list6 IPV6-xxxxx rule 3 prefix 'xxxx:xxxx:2::/48'
set policy prefix-list6 IPV6-xxxxx rule 4 action 'permit'
set policy prefix-list6 IPV6-xxxxx rule 4 prefix 'xxxx:xxxx:3::/48'
set policy route-map BGP-xxxxx-Out rule 1 action 'permit'
set policy route-map BGP-xxxxx-Out rule 1 match as-path 'as-path-allroute'
set policy route-map BGP-xxxxx-IN rule 1 action 'permit'
set policy route-map BGP-xxxxx-IN rule 1 match as-path 'Discard-xxxxx-IN'
set policy route-map BGP-xxxxx-IN rule 2 action 'permit'
set policy route-map BGP-xxxxx-IN rule 2 match as-path 'as-path-allroute'
set policy route-map BGP-xxxxx-OUT rule 1 action 'permit'
set policy route-map BGP-xxxxx-OUT rule 1 match ip address prefix-list 'IP-xxxxx'
set policy route-map BGP-xxxxx-OUT rule 1 set
set policy route-map BGP-xxxxx-OUT rule 2 action 'permit'
set policy route-map BGP-xxxxx-OUT rule 2 match as-path 'Regexp-BGP-Cust'
set policy route-map BGP-xxxxx-IPv6-OUT rule 1 action 'permit'
set policy route-map BGP-xxxxx-IPv6-OUT rule 1 match ipv6 address prefix-list 'IPV6-xxxxx'
set policy route-map BGP-xxxxx-IN rule 1 action 'permit'
set policy route-map BGP-xxxxx-IN rule 1 match as-path 'as-path-allroute'
set policy route-map BGP-xxxxx-OUT rule 1 action 'permit'
set policy route-map BGP-xxxxx-OUT rule 1 match ip address prefix-list 'IP-xxxxx'
set policy route-map BGP-xxxxx-OUT rule 2 action 'permit'
set policy route-map BGP-xxxxx-OUT rule 2 match as-path 'Regexp-BGP-Cust'
set policy route-map BGP-xxxxx-IPv6-OUT rule 1 action 'permit'
set policy route-map BGP-xxxxx-IPv6-OUT rule 1 match ipv6 address prefix-list 'IPV6-xxxxx'
set policy route-map BGP-xxxxx-IN rule 1 action 'permit'
set policy route-map BGP-xxxxx-IN rule 1 match as-path 'xxxxx-IN'
set policy route-map BGP-xxxxx-OUT rule 1 action 'permit'
set policy route-map BGP-xxxxx-OUT rule 1 match ip address prefix-list 'IP-xxxxx'
set policy route-map BGP-xxxxx-IN rule 1 action 'permit'
set policy route-map BGP-xxxxx-IN rule 1 match as-path 'xxxxx-IN'
set policy route-map BGP-xxxxx-OUT rule 10 action 'permit'
set policy route-map BGP-xxxxx-OUT rule 10 match ip address prefix-list 'IP-xxxxx'
set policy route-map BGP-xxxxx-OUT rule 20 action 'permit'
set policy route-map BGP-xxxxx-OUT rule 20 match as-path 'Regexp-BGP-Cust'
set policy route-map BGP-xxxxx-IPv6-OUT rule 1 action 'permit'
set policy route-map BGP-xxxxx-IPv6-OUT rule 1 match ipv6 address prefix-list 'IPV6-xxxxx'
set policy route-map BGP-xxxxx-In rule 1 action 'permit'
set policy route-map BGP-xxxxx-In rule 1 set local-preference '400'
set policy route-map BGP-xxxxx-Out rule 1 action 'permit'
set policy route-map BGP-xxxxx-Out rule 1 match ip address prefix-list 'IP-xxxxx-Vyos'
set policy route-map BGP-xxxxx-Out rule 2 action 'permit'
set policy route-map BGP-xxxxx-Out rule 2 match as-path 'Regexp-BGP-Cust'
set policy route-map BGP-xxxxx-xxxxx-IN rule 1 action 'permit'
set policy route-map BGP-xxxxx-xxxxx-IN rule 1 match ip address prefix-list 'IP-Default'
set policy route-map BGP-xxxxx-xxxxx-OUT rule 1 action 'permit'
set policy route-map BGP-xxxxx-xxxxx-OUT rule 1 match ip address prefix-list 'IP-xxxxx'
set policy route-map BGP-xxxxx-xxxxx-OUT rule 1 set as-path-prepend '38150'
set policy route-map BGP-xxxxx-xxxxx-OUT rule 2 action 'permit'
set policy route-map BGP-xxxxx-xxxxx-OUT rule 2 match as-path 'Regexp-BGP-Cust'
set policy route-map BGP-xxxxx-xxxxx-OUT rule 2 set as-path-prepend '38150 38150 38150'
set policy route-map Cust-xxxxx-In rule 1 action 'permit'
set policy route-map Cust-xxxxx-In rule 1 match as-path 'as-path-xxxxx'
set policy route-map Cust-xxxxx-In rule 1 set local-preference '2000'
set policy route-map Cust-xxxxx-Out rule 1 action 'permit'
set policy route-map Cust-xxxxx-Out rule 1 match as-path 'as-path-allroute'
set policy route-map Cust-xxxxx-In rule 1 action 'permit'
set policy route-map Cust-xxxxx-In rule 1 match as-path 'as-path-xxxxx'
set policy route-map Cust-xxxxx-In rule 1 set local-preference '500'
set policy route-map Cust-xxxxx-Out rule 1 action 'permit'
set policy route-map Cust-xxxxx-Out rule 1 match as-path 'as-path-allroute'
set protocols bgp XXXXXX address-family ipv4-unicast network xxx.xxx.249.0/24
set protocols bgp XXXXXX address-family ipv4-unicast network xxx.xxx.13.0/24
set protocols bgp XXXXXX neighbor xxx.xxx.127.129 address-family ipv4-unicast route-map export 'BGP-xxxxx-OUT'
set protocols bgp XXXXXX neighbor xxx.xxx.127.129 address-family ipv4-unicast route-map import 'BGP-xxxxx-IN'
set protocols bgp XXXXXX neighbor xxx.xxx.127.129 description 'BGP-xxxxx'
set protocols bgp XXXXXX neighbor xxx.xxx.127.129 remote-as '7597'
set protocols bgp XXXXXX neighbor xxx.xxx.127.253 address-family ipv4-unicast route-map export 'BGP-xxxxx-OUT'
set protocols bgp XXXXXX neighbor xxx.xxx.127.253 address-family ipv4-unicast route-map import 'BGP-xxxxx-IN'
set protocols bgp XXXXXX neighbor xxx.xxx.127.253 description 'BGP-xxxxx-RS'
set protocols bgp XXXXXX neighbor xxx.xxx.127.253 remote-as '7597'
set protocols bgp XXXXXX neighbor xxx.xxx.99.17 address-family ipv4-unicast route-map export 'BGP-xxxxx-OUT'
set protocols bgp XXXXXX neighbor xxx.xxx.99.17 address-family ipv4-unicast route-map import 'BGP-xxxxx-IN'
set protocols bgp XXXXXX neighbor xxx.xxx.99.17 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.99.17 remote-as '4761'
set protocols bgp XXXXXX neighbor xxx.xxx.38.1 address-family ipv4-unicast route-map export 'BGP-xxxxx-OUT'
set protocols bgp XXXXXX neighbor xxx.xxx.38.1 address-family ipv4-unicast route-map import 'BGP-xxxxx-IN'
set protocols bgp XXXXXX neighbor xxx.xxx.38.1 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.38.1 remote-as '17922'
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 address-family ipv4-unicast nexthop-self
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 address-family ipv4-unicast route-map export 'BGP-xxxxx-OUT'
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 address-family ipv4-unicast route-map import 'BGP-xxxxx-IN'
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 address-family ipv4-unicast route-reflector-client
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 remote-as '38150'
set protocols bgp XXXXXX neighbor xxx.xxx.242.2 update-source 'xxx.xxx.242.3'
set protocols bgp XXXXXX neighbor xxx.xxx.249.2 address-family ipv4-unicast route-map export 'Cust-xxxxx-Out'
set protocols bgp XXXXXX neighbor xxx.xxx.249.2 address-family ipv4-unicast route-map import 'Cust-xxxxx-In'
set protocols bgp XXXXXX neighbor xxx.xxx.249.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.249.2 description 'Cust-xxxxx'
set protocols bgp XXXXXX neighbor xxx.xxx.249.2 remote-as '136079'
set protocols bgp XXXXXX neighbor xxx.xxx.249.6 address-family ipv4-unicast route-map export 'Cust-xxxxx-Out'
set protocols bgp XXXXXX neighbor xxx.xxx.249.6 address-family ipv4-unicast route-map import 'Cust-xxxxx-In'
set protocols bgp XXXXXX neighbor xxx.xxx.249.6 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.249.6 description 'Cust-xxxxx'
set protocols bgp XXXXXX neighbor xxx.xxx.249.6 remote-as '141675'
set protocols bgp XXXXXX neighbor xxx.xxx.249.14 address-family ipv4-unicast nexthop-self
set protocols bgp XXXXXX neighbor xxx.xxx.249.14 address-family ipv4-unicast route-map export 'BGP-xxxxx-xxxxx-OUT'
set protocols bgp XXXXXX neighbor xxx.xxx.249.14 address-family ipv4-unicast route-reflector-client
set protocols bgp XXXXXX neighbor xxx.xxx.249.14 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.249.14 description 'BGP-xxxxx-TELKOM'
set protocols bgp XXXXXX neighbor xxx.xxx.249.14 remote-as '38150'
set protocols bgp XXXXXX neighbor xxx.xxx.249.17 address-family ipv4-unicast nexthop-self
set protocols bgp XXXXXX neighbor xxx.xxx.249.17 address-family ipv4-unicast route-map export 'BGP-xxxxx-Out'
set protocols bgp XXXXXX neighbor xxx.xxx.249.17 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.249.17 description 'BGP-xxxxx-AS38150'
set protocols bgp XXXXXX neighbor xxx.xxx.249.17 remote-as '38150'
set protocols bgp XXXXXX neighbor xxx.xxx.249.17 shutdown
set protocols bgp XXXXXX neighbor xxx.xxx.249.22 address-family ipv4-unicast nexthop-self
set protocols bgp XXXXXX neighbor xxx.xxx.249.22 address-family ipv4-unicast route-map export 'BGP-xxxxx-Out'
set protocols bgp XXXXXX neighbor xxx.xxx.249.22 address-family ipv4-unicast route-reflector-client
set protocols bgp XXXXXX neighbor xxx.xxx.249.22 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp XXXXXX neighbor xxx.xxx.249.22 remote-as '38150'
set protocols bgp XXXXXX neighbor xxxx:xxxx:0:5::2 address-family ipv6-unicast nexthop-self
set protocols bgp XXXXXX neighbor xxxx:xxxx:0:5::2 address-family ipv6-unicast route-reflector-client
set protocols bgp XXXXXX neighbor xxxx:xxxx:0:5::2 description 'BGP-IPv6-xxxxx-JOG'
set protocols bgp XXXXXX neighbor xxxx:xxxx:0:5::2 remote-as '38150'
set protocols bgp XXXXXX neighbor xxxx:xxxx:a:2::1 address-family ipv6-unicast nexthop-self
set protocols bgp XXXXXX neighbor xxxx:xxxx:a:2::1 address-family ipv6-unicast route-map export 'BGP-xxxxx-IPv6-OUT'
set protocols bgp XXXXXX neighbor xxxx:xxxx:a:2::1 address-family ipv6-unicast route-reflector-client
set protocols bgp XXXXXX neighbor xxxx:xxxx:a:2::1 description 'BGP-IPV6-xxxxx'
set protocols bgp XXXXXX neighbor xxxx:xxxx:a:2::1 remote-as '38150'
set protocols bgp XXXXXX neighbor xxxx:xxxx:1000:8:0:1:7922:1 address-family ipv6-unicast route-map export 'BGP-xxxxx-IPv6-OUT'
set protocols bgp XXXXXX neighbor xxxx:xxxx:1000:8:0:1:7922:1 description 'xxxxx-IPv6'
set protocols bgp XXXXXX neighbor xxxx:xxxx:1000:8:0:1:7922:1 remote-as '17922'
set protocols bgp XXXXXX neighbor xxxx:xxxx:1001:1::51 address-family ipv6-unicast route-map export 'BGP-xxxxx-IPv6-OUT'
set protocols bgp XXXXXX neighbor xxxx:xxxx:1001:1::51 description 'xxxxx-IPV6'
set protocols bgp XXXXXX neighbor xxxx:xxxx:1001:1::51 remote-as '4761'
set protocols bgp XXXXXX parameters bestpath as-path multipath-relax
set protocols ospf area 0 network 'xxx.xxx.249.20/30'
set protocols ospf area 0 network 'xxx.xxx.249.16/30'
set protocols ospf area 0 network 'xxx.xxx.242.3/32'
set protocols ospf area 0 network 'xxx.xxx.242.40/30'
set protocols ospf area 0 network 'xxx.xxx.249.12/30'
set protocols ospf log-adjacency-changes
set protocols ospf parameters abr-type 'cisco'
set protocols ospf parameters router-id 'xxx.xxx.249.21'
set protocols ospf passive-interface 'eth2'
set protocols ospf passive-interface 'eth2.400'
set protocols ospf passive-interface 'eth2.401'
set protocols ospf passive-interface 'eth3'
set protocols ospf passive-interface 'eth1'
set protocols ospfv3 area 0 interface 'eth2.150'
set protocols ospfv3 area 0 interface 'eth3.404'
set protocols ospfv3 parameters router-id 'xxx.xxx.249.21'
set protocols static route xxx.xxx.249.0/24 blackhole distance '254'
set protocols static route xxx.xxx.13.0/24 blackhole distance '254'
set system config-management commit-revisions '100'
set system conntrack expect-table-size '20971520'
set system conntrack hash-size '20971520'
set system conntrack log icmp new
set system conntrack log other new
set system conntrack log tcp new
set system conntrack log udp new
set system conntrack table-size '20971520'
set system conntrack timeout tcp close '10'
set system conntrack timeout tcp close-wait '30'
set system conntrack timeout tcp established '600'
set system conntrack timeout tcp fin-wait '30'
set system conntrack timeout tcp last-ack '30'
set system conntrack timeout tcp syn-recv '30'
set system conntrack timeout tcp syn-sent '30'
set system conntrack timeout tcp time-wait '30'
set system conntrack timeout udp other '600'
set system conntrack timeout udp stream '600'
set system console device ttyS0 speed '115200'
set system ip arp table-size '32768'
set system ip multipath layer4-hashing
set system ipv6 multipath layer4-hashing
set system ipv6 neighbor table-size '32768'
set system option performance 'throughput'
set system sysctl custom net.core.rmem_max value '446464'
set system sysctl custom net.core.wmem_max value '425984'
set system sysctl custom net.ipv4.icmp_ratelimit value '1000'
set system sysctl custom net.ipv4.icmp_ratemask value '4120'
set system sysctl custom net.ipv6.route.max_size value '655360'
set system sysctl custom vm.swappiness value '1'
set system sysctl custom vm.vfs_cache_pressure value '50'
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'

sorry i need more characters

how about this? could this be the cause?

sh system memory cache
 Active / Total Objects (% used)    : 3045917 / 3110399 (97.9%)
 Active / Total Slabs (% used)      : 65730 / 65730 (100.0%)
 Active / Total Caches (% used)     : 99 / 119 (83.2%)
 Active / Total Size (% used)       : 321831.84K / 334589.66K (96.2%)
 Minimum / Average / Maximum Object : 0.01K / 0.11K / 8.00K

It is almost 100%

Apachez · September 13, 2023, 7:16am

Yeah something is eating up memory in your system even if its 16GB where 12GB is unused (according to free).

Also no conntrack is being used so the table-size, expect-table-size and hash-size isnt in play here.

I would try to remove these lines:

set system sysctl custom net.core.rmem_max value '446464'
set system sysctl custom net.core.wmem_max value '425984'

Also output of “sudo ps auxwww”, “sudo netstat -atunp” and “ulimit -a” would be handy.

When this occurs any particular info in “sudo dmesg” (like last 100 lines or so) along with “sudo journalctl | tail -n 100” ?

Apachez · September 13, 2023, 7:34am

Would also be interresting to find out number of arp entries your box currently have:

arp -an | wc -l

tantomo · September 13, 2023, 8:06am

$ sudo ps auxwww

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0 170668 10704 ?        Ss   Sep08   0:09 /sbin/init noautologin
root         2  0.0  0.0      0     0 ?        S    Sep08   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        I<   Sep08   0:00 [rcu_gp]
root         4  0.0  0.0      0     0 ?        I<   Sep08   0:00 [rcu_par_gp]
root         6  0.0  0.0      0     0 ?        I<   Sep08   0:00 [kworker/0:0H-kblockd]
root         8  0.0  0.0      0     0 ?        I<   Sep08   0:00 [mm_percpu_wq]
root         9  0.0  0.0      0     0 ?        S    Sep08   1:48 [ksoftirqd/0]
root        10  0.1  0.0      0     0 ?        I    Sep08   9:24 [rcu_sched]
root        11  0.0  0.0      0     0 ?        S    Sep08   0:00 [migration/0]
root        13  0.0  0.0      0     0 ?        S    Sep08   0:00 [cpuhp/0]
root        14  0.0  0.0      0     0 ?        S    Sep08   0:00 [cpuhp/1]
root        15  0.0  0.0      0     0 ?        S    Sep08   0:00 [migration/1]
root        16  0.0  0.0      0     0 ?        S    Sep08   2:01 [ksoftirqd/1]
root        18  0.0  0.0      0     0 ?        I<   Sep08   0:00 [kworker/1:0H-kblockd]
root        19  0.0  0.0      0     0 ?        S    Sep08   0:00 [cpuhp/2]
root        20  0.0  0.0      0     0 ?        S    Sep08   0:00 [migration/2]
root        21  0.0  0.0      0     0 ?        S    Sep08   1:57 [ksoftirqd/2]
root        23  0.0  0.0      0     0 ?        I<   Sep08   0:00 [kworker/2:0H-kblockd]
root        24  0.0  0.0      0     0 ?        S    Sep08   0:00 [cpuhp/3]
root        25  0.0  0.0      0     0 ?        S    Sep08   0:00 [migration/3]
root        26  0.0  0.0      0     0 ?        S    Sep08   2:11 [ksoftirqd/3]
root        28  0.0  0.0      0     0 ?        I<   Sep08   0:00 [kworker/3:0H-kblockd]
root        29  0.0  0.0      0     0 ?        S    Sep08   0:00 [kdevtmpfs]
root        30  0.0  0.0      0     0 ?        I<   Sep08   0:00 [netns]
root        31  0.0  0.0      0     0 ?        S    Sep08   0:00 [kauditd]
root        33  0.0  0.0      0     0 ?        S    Sep08   0:00 [khungtaskd]
root        34  0.0  0.0      0     0 ?        S    Sep08   0:00 [oom_reaper]
root        35  0.0  0.0      0     0 ?        I<   Sep08   0:00 [writeback]
root        36  0.0  0.0      0     0 ?        S    Sep08   0:00 [kcompactd0]
root        37  0.0  0.0      0     0 ?        SN   Sep08   0:00 [ksmd]
root        38  0.0  0.0      0     0 ?        SN   Sep08   0:03 [khugepaged]
root        67  0.0  0.0      0     0 ?        I<   Sep08   0:00 [kintegrityd]
root        68  0.0  0.0      0     0 ?        I<   Sep08   0:00 [kblockd]
root        69  0.0  0.0      0     0 ?        I<   Sep08   0:00 [blkcg_punt_bio]
root        72  0.0  0.0      0     0 ?        I<   Sep08   0:00 [md]
root        73  0.0  0.0      0     0 ?        I<   Sep08   0:00 [edac-poller]
root        74  0.0  0.0      0     0 ?        I<   Sep08   0:00 [devfreq_wq]
root        75  0.0  0.0      0     0 ?        S    Sep08   0:00 [watchdogd]
root        76  0.0  0.0      0     0 ?        S    Sep08   0:00 [kswapd0]
root        78  0.0  0.0      0     0 ?        I<   Sep08   0:00 [kthrotld]
root        79  0.0  0.0      0     0 ?        I<   Sep08   0:00 [ipv6_addrconf]
root        89  0.0  0.0      0     0 ?        I<   Sep08   0:00 [kstrp]
root       125  0.0  0.0      0     0 ?        I<   Sep08   0:00 [acpi_thermal_pm]
root       154  0.0  0.0      0     0 ?        I<   Sep08   0:00 [mlx4]
root       156  0.0  0.0      0     0 ?        I<   Sep08   0:00 [mlx4_health]
root       158  0.0  0.0      0     0 ?        I<   Sep08   0:00 [ata_sff]
root       160  0.0  0.0      0     0 ?        S    Sep08   0:00 [scsi_eh_0]
root       161  0.0  0.0      0     0 ?        I<   Sep08   0:00 [scsi_tmf_0]
root       162  0.0  0.0      0     0 ?        S    Sep08   0:00 [scsi_eh_1]
root       163  0.0  0.0      0     0 ?        I<   Sep08   0:00 [scsi_tmf_1]
root       164  0.0  0.0      0     0 ?        S    Sep08   0:00 [scsi_eh_2]
root       165  0.0  0.0      0     0 ?        I<   Sep08   0:00 [scsi_tmf_2]
root       166  0.0  0.0      0     0 ?        S    Sep08   0:00 [scsi_eh_3]
root       167  0.0  0.0      0     0 ?        I<   Sep08   0:00 [scsi_tmf_3]
root       168  0.0  0.0      0     0 ?        S    Sep08   0:00 [scsi_eh_4]
root       169  0.0  0.0      0     0 ?        I<   Sep08   0:00 [scsi_tmf_4]
root       170  0.0  0.0      0     0 ?        S    Sep08   0:00 [scsi_eh_5]
root       171  0.0  0.0      0     0 ?        I<   Sep08   0:00 [scsi_tmf_5]
root       178  0.0  0.0      0     0 ?        I<   Sep08   0:00 [kworker/1:1H-kblockd]
root       183  0.0  0.0      0     0 ?        I<   Sep08   0:00 [mlx4_en]
root       205  0.0  0.0      0     0 ?        I<   Sep08   0:00 [kworker/3:1H-kblockd]
root       256  0.0  0.0      0     0 ?        I<   Sep08   0:00 [kworker/2:1H-kblockd]
root       257  0.0  0.0      0     0 ?        S    Sep08   0:00 [jbd2/sda1-8]
root       258  0.0  0.0      0     0 ?        I<   Sep08   0:00 [ext4-rsv-conver]
root       299  0.0  0.0      0     0 ?        S<   Sep08   0:00 [loop0]
root       305  0.0  0.0      0     0 ?        I<   Sep08   0:00 [kworker/0:1H-kblockd]
root       611  0.0  0.2  87500 41156 ?        Ss   Sep08   0:22 /lib/systemd/systemd-journald
root       615  0.0  0.1 119712 26280 ?        Ssl  Sep08   0:00 /usr/bin/python3 -u /usr/libexec/vyos/services/vyos-hostsd
root       616  0.0  0.3 306200 60744 ?        Ssl  Sep08   0:02 /usr/bin/python3 -u /usr/libexec/vyos/services/vyos-configd
root       623  0.0  0.0  21628  5880 ?        Ss   Sep08   0:00 /lib/systemd/systemd-udevd
root       630  0.0  0.0   8080  7464 ?        Ss   Sep08   0:00 /usr/sbin/haveged --Foreground --verbose=1 -w 1024
root       715  0.0  0.0      0     0 ?        I<   Sep08   0:00 [ipmi-msghandler]
root       716  0.0  0.0      0     0 ?        I<   Sep08   0:00 [cryptd]
message+   728  0.0  0.0   8812  4136 ?        Ss   Sep08   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root       732  0.0  0.0   8500  2784 ?        Ss   Sep08   0:00 /usr/sbin/cron -f
root       739  0.0  0.0   2320   764 ?        Ss   Sep08   0:00 /usr/sbin/acpid
root       740  0.0  0.0  19380  7100 ?        Ss   Sep08   0:01 /lib/systemd/systemd-logind
root       743  0.0  0.0      0     0 ?        SN   Sep08   0:00 [kipmi0]
root       745  0.0  0.0   2280    72 ?        S<   Sep08   0:00 /usr/sbin/atopacctd
daemon     780  0.0  0.0   5484  1968 ?        Ss   Sep08   0:00 /usr/sbin/atd -f
root       843  0.0  0.0   2288  1472 ?        Ss   Sep08   0:00 /sbin/netplugd -p /var/run/netplugd.pid
root       907  0.0  0.0  10240  3784 ?        Ss   Sep08   4:52 /usr/lib/frr/watchfrr -d -F traditional zebra bgpd ripd ripngd ospfd ospf6d isisd ldpd staticd bfdd
root      2249  0.0  0.3 361100 57812 ?        Ssl  Sep08   0:03 /usr/sbin/rsyslogd -n -iNONE
root      3069  0.0  0.0   2272    80 ?        Ss   08:47   0:00 /opt/vyatta/sbin/vyatta-conntrack-logging -p udp -e NEW -p icmp -e NEW -p other p -e NEW -p tcp -e NEW
root      3070  0.0  0.0   2272    88 ?        S    08:47   0:00 /opt/vyatta/sbin/vyatta-conntrack-logging -p udp -e NEW -p icmp -e NEW -p other p -e NEW -p tcp -e NEW
root      3071  0.0  0.0   2272    88 ?        S    08:47   0:00 /opt/vyatta/sbin/vyatta-conntrack-logging -p udp -e NEW -p icmp -e NEW -p other p -e NEW -p tcp -e NEW
root      3072  0.0  0.0   2272    88 ?        S    08:47   0:00 /opt/vyatta/sbin/vyatta-conntrack-logging -p udp -e NEW -p icmp -e NEW -p other p -e NEW -p tcp -e NEW
root      3073  0.0  0.0   2272    88 ?        S    08:47   0:00 /opt/vyatta/sbin/vyatta-conntrack-logging -p udp -e NEW -p icmp -e NEW -p other p -e NEW -p tcp -e NEW
root      3074  0.0  0.0   6640  2992 ?        S    08:47   0:00 sh -c conntrack -E -p udp -e NEW -o id -b 2097152 | logger -t log-conntrack -p daemon.notice
root      3075  0.0  0.0   6640  3132 ?        S    08:47   0:00 sh -c conntrack -E -p icmp -e NEW -o id -b 2097152 | logger -t log-conntrack -p daemon.notice
root      3076  0.0  0.0   6620   872 ?        S    08:47   0:00 conntrack -E -p icmp -e NEW -o id -b 2097152
root      3077  0.0  0.0   6640  3216 ?        S    08:47   0:00 sh -c conntrack -E -e NEW -o id -b 2097152 | grep -vE 'tcp|udp|icmp' | logger -t log-conntrack -p daemon.notice
root      3078  0.0  0.0   6620   872 ?        S    08:47   0:00 conntrack -E -p udp -e NEW -o id -b 2097152
root      3079  0.0  0.0   7668  1112 ?        S    08:47   0:00 logger -t log-conntrack -p daemon notice
root      3080  0.0  0.0   7668  1112 ?        S    08:47   0:00 logger -t log-conntrack -p daemon notice
root      3081  0.0  0.0   6640  3116 ?        S    08:47   0:00 sh -c conntrack -E -p tcp -e NEW -o id -b 2097152 | logger -t log-conntrack -p daemon.notice
root      3083  0.0  0.0   6620   872 ?        S    08:47   0:00 conntrack -E -e NEW -o id -b 2097152
root      3084  0.0  0.0   6072   892 ?        S    08:47   0:00 grep -vE tcp|udp|icmp
root      3085  0.0  0.0   7668  1048 ?        S    08:47   0:00 logger -t log-conntrack -p daemon notice
root      3086  0.0  0.0   6620   872 ?        S    08:47   0:00 conntrack -E -p tcp -e NEW -o id -b 2097152
root      3087  0.0  0.0   7668  1112 ?        S    08:47   0:00 logger -t log-conntrack -p daemon notice
root      3801  0.0  0.0      0     0 ?        I    09:55   0:01 [kworker/0:1-mm_percpu_wq]
Debian-+  3861  0.1  0.1  33596 18160 ?        Ss   Sep08  13:03 /usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -ipCidrRouteTable inetCidrRouteTable -f -p /run/snmpd.pid
root      3871  0.0  0.0      0     0 ?        I    09:55   0:00 [kworker/3:2-mm_percpu_wq]
root      3969  0.0  0.0  13812  7188 ?        Ss   Sep08   0:00 /usr/sbin/sshd -f /run/sshd/sshd_config -D
root      4032  0.0  0.0   5380  2020 ttyS0    Ss+  Sep08   0:00 /sbin/agetty -o -p -- \u --keep-baud 115200 ttyS0 vt220
root      4444  0.0  0.0      0     0 ?        I    11:02   0:00 [kworker/0:0]
root      4445  0.0  0.0      0     0 ?        I    11:02   0:00 [kworker/3:1-memcg_kmem_cache]
root      4448  0.0  0.0      0     0 ?        I    11:03   0:01 [kworker/2:1-events]
root      4449  0.0  0.0      0     0 ?        I    11:03   0:00 [kworker/2:3-mm_percpu_wq]
root      5713  0.0  0.0      0     0 ?        I    14:30   0:00 [kworker/u8:0-flush-8:0]
root      5770  0.0  0.0      0     0 ?        I    14:36   0:00 [kworker/u8:2-events_unbound]
root      5830  0.0  0.0      0     0 ?        I    14:50   0:00 [kworker/u8:1-events_unbound]
root      5831  0.0  0.0  14712  7788 ?        Ss   14:51   0:00 sshd: tantio [priv]
root      6435  0.0  0.0   9980  3740 pts/0    S+   14:53   0:00 sudo ps auxwww
root      6436  0.0  0.0  10628  3124 pts/0    R+   14:53   0:00 ps auxwww
ntp       7464  0.0  0.0  76476  3020 ?        Ssl  Sep11   0:59 /usr/sbin/ntpd -g -p /run/ntpd/ntpd.pid -c /run/ntpd/ntpd.conf -u ntp:ntp
frr      10029  0.3  4.1 1735332 679808 ?      Ssl  Sep08  24:47 /usr/lib/frr/zebra -d -F traditional -s 90000000 --daemon -A 127.0.0.1 -M snmp
frr      10034  0.3 14.0 2454268 2305676 ?     Ssl  Sep08  22:53 /usr/lib/frr/bgpd -d -F traditional --daemon -A 127.0.0.1 -M snmp -M rpki
frr      10041  0.0  0.0  35128 10516 ?        Ss   Sep08   0:15 /usr/lib/frr/ripd -d -F traditional --daemon -A 127.0.0.1 -M snmp
frr      10044  0.0  0.0  12116  5424 ?        Ss   Sep08   0:08 /usr/lib/frr/ripngd -d -F traditional --daemon -A ::1
frr      10047  0.0  0.0  36680 11808 ?        Ss   Sep08   5:34 /usr/lib/frr/ospfd -d -F traditional --daemon -A 127.0.0.1 -M snmp
frr      10050  0.0  0.0  35776 11092 ?        Ss   Sep08   0:33 /usr/lib/frr/ospf6d -d -F traditional --daemon -A ::1 -M snmp
frr      10053  0.0  0.0  13384  6632 ?        Ss   Sep08   0:09 /usr/lib/frr/isisd -d -F traditional --daemon -A 127.0.0.1
frr      10056  0.0  0.0  10712  4780 ?        S    Sep08   0:00 /usr/lib/frr/ldpd -L -u frr -g frr
frr      10057  0.0  0.0  10572  4816 ?        S    Sep08   0:00 /usr/lib/frr/ldpd -E -u frr -g frr
frr      10058  0.0  0.0  12784  5648 ?        Ss   Sep08   3:21 /usr/lib/frr/ldpd -d -F traditional --daemon -A 127.0.0.1
frr      10062  0.0  0.0  11132  4840 ?        Ss   Sep08   0:08 /usr/lib/frr/staticd -d -F traditional --daemon -A 127.0.0.1
frr      10065  0.0  0.0  11768  5392 ?        Ss   Sep08   0:09 /usr/lib/frr/bfdd -d -F traditional --daemon -A 127.0.0.1
root     10101  0.0  0.1 333192 27816 ?        Ssl  Sep11   0:14 /usr/bin/python3 -Es /usr/sbin/tuned -l -P
root     10102  0.0  0.0 234060  7280 ?        Ssl  Sep11   0:00 /usr/lib/policykit-1/polkitd --no-debug
root     11980  0.0  0.0   5608  1680 tty6     Ss+  Sep08   0:00 /sbin/agetty -o -p -- \u --noclear tty6 linux
root     11992  0.0  0.0   5608  1624 tty1     Ss+  Sep08   0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
root     29512  0.0  0.0      0     0 ?        I    Sep12   0:00 [kworker/1:0-events]
root     31372  0.0  0.0      0     0 ?        I    00:00   0:00 [kworker/1:2-mm_percpu_wq]
root     31373  0.0  0.0   9972  9176 ?        S<Ls 00:00   0:03 /usr/bin/atop -R -w /var/log/atop/atop_20230913 600

sudo netstat -atunp

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:199           0.0.0.0:*               LISTEN      3861/snmpd
tcp        0      0 127.0.0.1:2601          0.0.0.0:*               LISTEN      10029/zebra
tcp        0      0 127.0.0.1:2602          0.0.0.0:*               LISTEN      10041/ripd
tcp        0      0 127.0.0.1:2604          0.0.0.0:*               LISTEN      10047/ospfd
tcp        0      0 127.0.0.1:2605          0.0.0.0:*               LISTEN      10034/bgpd
tcp        0      0 x.x.249.18:9999     	0.0.0.0:*               LISTEN      3969/sshd
tcp        0      0 x.x.249.21:9999     	0.0.0.0:*               LISTEN      3969/sshd
tcp        0      0 127.0.0.1:2608          0.0.0.0:*               LISTEN      10053/isisd
tcp        0      0 0.0.0.0:179             0.0.0.0:*               LISTEN      10034/bgpd
tcp        0      0 127.0.0.1:2612          0.0.0.0:*               LISTEN      10058/ldpd
tcp        0      0 127.0.0.1:2616          0.0.0.0:*               LISTEN      10062/staticd
tcp        0      0 127.0.0.1:2617          0.0.0.0:*               LISTEN      10065/bfdd
tcp        0      0 x.x.249.21:55044    	x.x.249.22:179      	ESTABLISHED 10034/bgpd
tcp        0      0 x.x.127.136:36890   	x.x.127.129:179     	ESTABLISHED 10034/bgpd
tcp        0      0 x.x.99.18:179         	x.x.31.211:53864    	TIME_WAIT   -
tcp        0      0 x.x.99.18:32814       	x.x.99.17:179         	ESTABLISHED 10034/bgpd
tcp        0      0 x.x.249.1:35746     	x.x.249.2:179       	ESTABLISHED 10034/bgpd
tcp        0      0 x.x.127.136:54790   	x.x.127.253:179     	ESTABLISHED 10034/bgpd
tcp        0      0 x.x.242.3:37669     	x.x.242.2:179       	ESTABLISHED 10034/bgpd
tcp        0      0 x.x.39.164:36354    	x.x.38.1:179        	ESTABLISHED 10034/bgpd
tcp        0      0 x.x.249.13:55636    	x.x.249.14:179      	ESTABLISHED 10034/bgpd
tcp        0      0 x.x.249.5:52622     	x.x.249.6:179       	ESTABLISHED 10034/bgpd
tcp6       0      0 ::1:2603                :::*                    LISTEN      10044/ripngd
tcp6       0      0 ::1:2606                :::*                    LISTEN      10050/ospf6d
tcp6       0      0 :::179                  :::*                    LISTEN      10034/bgpd
tcp6       0      0 xxxx:0:xxxx:1::52:60072 xxxx:0:xxxx:1::51:179   ESTABLISHED 10034/bgpd
tcp6       0      0 xxxx:0:xxxx:8:0:1:51622 xxxx:0:xxxx:8:0:1:7:179 ESTABLISHED 10034/bgpd
tcp6       0      0 xxxx:xxxx:a:2::2:179    xxxx:xxxx:a:2::1:54899  ESTABLISHED 10034/bgpd
tcp6       0      0 xxxx:xxxx:0:5::1:38070  xxxx:xxxx:0:5::2:179    ESTABLISHED 10034/bgpd
udp        0      0 0.0.0.0:3784            0.0.0.0:*                           10065/bfdd
udp        0      0 0.0.0.0:3785            0.0.0.0:*                           10065/bfdd
udp        0      0 0.0.0.0:4784            0.0.0.0:*                           10065/bfdd
udp        0      0 192.168.211.1:123       0.0.0.0:*                           7464/ntpd
udp        0      0 x.x.249.21:123      	0.0.0.0:*                           7464/ntpd
udp        0      0 x.x.249.5:123       	0.0.0.0:*                           7464/ntpd
udp        0      0 x.x.13.1:123         	0.0.0.0:*                           7464/ntpd
udp        0      0 x.x.249.1:123       	0.0.0.0:*                           7464/ntpd
udp        0      0 x.x.39.164:123      	0.0.0.0:*                           7464/ntpd
udp        0      0 x.x.99.18:123         	0.0.0.0:*                           7464/ntpd
udp        0      0 x.x.127.136:123     	0.0.0.0:*                           7464/ntpd
udp        0      0 x.x.249.13:123      	0.0.0.0:*                           7464/ntpd
udp        0      0 x.x.242.42:123      	0.0.0.0:*                           7464/ntpd
udp        0      0 x.x.242.3:123       	0.0.0.0:*                           7464/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           7464/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           7464/ntpd
udp        0      0 127.0.0.1:161           0.0.0.0:*                           3861/snmpd
udp        0      0 x.x.249.21:161      	0.0.0.0:*                           3861/snmpd
udp        0      0 x.x.249.18:161      	0.0.0.0:*                           3861/snmpd
udp6       0      0 :::3784                 :::*                                10065/bfdd
udp6       0      0 :::3785                 :::*                                10065/bfdd
udp6       0      0 :::4784                 :::*                                10065/bfdd
udp6       0      0 fe80::7efe:90ff:fea:123 :::*                                7464/ntpd
udp6       0      0 xxxx:xxxx:0:5::1:123    :::*                                7464/ntpd
udp6       0      0 fe80::7efe:90ff:fea:123 :::*                                7464/ntpd
udp6       0      0 fe80::7efe:90ff:fea:123 :::*                                7464/ntpd
udp6       0      0 fe80::7efe:90ff:fea:123 :::*                                7464/ntpd
udp6       0      0 xxxx:0:1000:8:0:1:3:123 :::*                                7464/ntpd
udp6       0      0 fe80::7efe:90ff:fea:123 :::*                                7464/ntpd
udp6       0      0 xxxx:0:1001:1::52:123   :::*                                7464/ntpd
udp6       0      0 fe80::7efe:90ff:fea:123 :::*                                7464/ntpd
udp6       0      0 fe80::7efe:90ff:fea:123 :::*                                7464/ntpd
udp6       0      0 fe80::7efe:90ff:fea:123 :::*                                7464/ntpd
udp6       0      0 xxxx:xxxx:a:2::2:123    :::*                                7464/ntpd
udp6       0      0 fe80::7efe:90ff:fea:123 :::*                                7464/ntpd
udp6       0      0 fe80::7efe:90ff:fea:123 :::*                                7464/ntpd
udp6       0      0 ::1:123                 :::*                                7464/ntpd
udp6       0      0 fe80::200:ff:fe00:0:123 :::*                                7464/ntpd
udp6       0      0 :::123                  :::*                                7464/ntpd
udp6       0      0 ::1:161                 :::*                                3861/snmpd

tantomo · September 13, 2023, 8:12am

ulimit -a

core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 63797
max locked memory       (kbytes, -l) 65536
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 63797
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

sudo dmesg

[409212.282955] IPv4: martian source x.x.14.130 from 0.0.0.0, on dev eth2.400
[409212.282962] ll header: 00000000: 7c fe 90 a3 a6 71 00 24 dc 43 5a 95 08 00
[409215.612620] IPv4: martian source x.x.14.130 from 0.0.0.0, on dev eth2.400
[409215.612622] ll header: 00000000: 7c fe 90 a3 a6 71 00 24 dc 43 5a 95 08 00

only that for last 100 line for dmesg
sudo journalctl | tail -n 100

Sep 13 14:38:15 xxxx kernel: IPv4: martian source x.x.27.54 from 0.0.0.0, on dev eth2.150
Sep 13 14:38:15 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 20 d8 0b f3 e8 bf 08 00
Sep 13 14:38:24 xxxx kernel: IPv4: martian source x.x.100.16 from 0.0.0.0, on dev eth2.150
Sep 13 14:38:24 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 20 d8 0b f3 e8 bf 08 00
Sep 13 14:38:26 xxxx kernel: IPv4: martian source x.x.100.16 from 0.0.0.0, on dev eth2.150
Sep 13 14:38:26 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 20 d8 0b f3 e8 bf 08 00
Sep 13 14:39:30 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:39:31 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:40:01 xxxx CRON[5771]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Sep 13 14:40:01 xxxx CRON[5772]: (smmsp) CMD (test -x /etc/init.d/sendmail && test -x /usr/share/sendmail/sendmail && test -x /usr/lib/sm.bin/sendmail && /usr/share/sendmail/sendmail cron-msp)
Sep 13 14:40:01 xxxx CRON[5771]: pam_unix(cron:session): session closed for user smmsp
Sep 13 14:40:02 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:40:39 xxxx kernel: IPv4: martian source x.x.27.54 from 0.0.0.0, on dev eth2.150
Sep 13 14:40:39 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 20 d8 0b f3 e8 bf 08 00
Sep 13 14:41:02 xxxx snmpd[3861]: truncating integer value > 32 bits
Sep 13 14:42:37 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:42:37 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:43:08 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:43:08 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:43:15 xxxx kernel: IPv4: martian source x.x.14.114 from 0.0.0.0, on dev eth2.400
Sep 13 14:43:15 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 00 24 dc 43 5a 95 08 00
Sep 13 14:43:29 xxxx kernel: IPv4: martian source x.x.14.114 from 0.0.0.0, on dev eth2.400
Sep 13 14:43:29 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 00 24 dc 43 5a 95 08 00
Sep 13 14:43:38 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:44:09 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:45:00 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:45:00 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:45:54 xxxx snmpd[3861]: truncating integer value > 32 bits
Sep 13 14:46:13 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:46:18 xxxx kernel: IPv4: martian source x.x.27.54 from 0.0.0.0, on dev eth2.150
Sep 13 14:46:18 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 20 d8 0b f3 e8 bf 08 00
Sep 13 14:46:28 xxxx kernel: IPv4: martian source x.x.100.100 from 0.0.0.0, on dev eth2.150
Sep 13 14:46:28 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 20 d8 0b f3 e8 bf 08 00
Sep 13 14:46:32 xxxx kernel: IPv4: martian source x.x.100.100 from 0.0.0.0, on dev eth2.150
Sep 13 14:46:32 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 20 d8 0b f3 e8 bf 08 00
Sep 13 14:46:37 xxxx kernel: IPv4: martian source x.x.100.100 from 0.0.0.0, on dev eth2.150
Sep 13 14:46:37 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 20 d8 0b f3 e8 bf 08 00
Sep 13 14:46:42 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:50:49 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:50:49 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:51:02 xxxx snmpd[3861]: truncating integer value > 32 bits
Sep 13 14:51:03 xxxx systemd[1]: opt-vyatta-config-tmp-new_config_5863.mount: Succeeded.
Sep 13 14:51:03 xxxx systemd[2129]: opt-vyatta-config-tmp-new_config_5863.mount: Succeeded.
Sep 13 14:51:20 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:51:20 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:51:20 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:52:12 xxxx kernel: IPv4: martian source x.x.14.130 from 0.0.0.0, on dev eth2.400
Sep 13 14:52:12 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 00 24 dc 43 5a 95 08 00
Sep 13 14:52:21 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:52:21 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:52:21 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:52:51 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:52:51 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:52:51 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:52:54 xxxx systemd[2129]: opt-vyatta-config-tmp-new_config_6140.mount: Succeeded.
Sep 13 14:52:54 xxxx systemd[1]: opt-vyatta-config-tmp-new_config_6140.mount: Succeeded.
Sep 13 14:52:58 xxxx systemd[1]: opt-vyatta-config-tmp-new_config_6140.mount: Succeeded.
Sep 13 14:52:58 xxxx systemd[2129]: opt-vyatta-config-tmp-new_config_6140.mount: Succeeded.
Sep 13 14:53:09 xxxx kernel: IPv4: martian source x.x.14.130 from 0.0.0.0, on dev eth2.400
Sep 13 14:53:09 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 00 24 dc 43 5a 95 08 00
Sep 13 14:53:13 xxxx kernel: IPv4: martian source x.x.14.130 from 0.0.0.0, on dev eth2.400
Sep 13 14:53:13 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 00 24 dc 43 5a 95 08 00
Sep 13 14:53:16 xxxx kernel: IPv4: martian source x.x.14.130 from 0.0.0.0, on dev eth2.400
Sep 13 14:53:16 xxxx kernel: ll header: 00000000: 7c fe 90 a3 a6 71 00 24 dc 43 5a 95 08 00
Sep 13 14:54:54 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:55:25 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:55:25 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:55:25 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:55:25 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:55:54 xxxx snmpd[3861]: truncating integer value > 32 bits
Sep 13 14:55:56 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:55:56 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:55:56 xxxx ntpd[7464]: routing socket reports: No buffer space available
Sep 13 14:56:21 xxxx sshd[6473]: Bad protocol version identification '\026\003\001' from 204.48.17.155 port 47458
Sep 13 14:56:21 xxxx sshd[6474]: Bad protocol version identification 'GET / HTTP/1.1' from 204.48.17.155 port 47810

arp -an | wc -l

Apachez · September 13, 2023, 11:38am

Im comparing with VyOS 1.5-rolling-202309130022.

Only “odd” I see is that your FRR/bgp process takes about 2.3GB of RAM, but this is expected if you do one or more full bgp-tables and/or soft-reconfigure (which will double the RAM usage).

These ulimits are set in 1.5-rolling, you could try to adjust them and see if it helps in your 1.3-rolling (and reboot or at least restart processes):

vyos@vyos:~$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 31706
max locked memory       (kbytes, -l) 1018792
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 31706
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

However Im not sure where these values are set within the Debian backend in VyOS (a regular Debian installation uses /etc/security/limits.conf but that is just default vanilla Debian).

Other thing to verify (along that arp theory, besides it was found out that changing arp/ndp table-size isnt properly set during boot but it works if you manually do a commit afterwards (changing the value, commit and changing it back, commit again: ⚓ T5575 ARP/NDP table-size isnt set properly) is what the kernel think about limit of arp-entries:

sudo sysctl -a | grep -i neigh.default.gc_thr

tantomo · September 14, 2023, 1:44am

Great!! I have succeeded in changing the arp/ndp table-size.

~$ sudo sysctl -a | grep -i neigh.default.gc_thr
net.ipv4.neigh.default.gc_thresh1 = 4096
net.ipv4.neigh.default.gc_thresh2 = 16384
net.ipv4.neigh.default.gc_thresh3 = 32768
net.ipv6.neigh.default.gc_thresh1 = 4096
net.ipv6.neigh.default.gc_thresh2 = 16384
net.ipv6.neigh.default.gc_thresh3 = 32768

But, for the ulimit i can’t change the max locked memory.
I did with pending signals and max user processes with common ulimit command. But when i try to change the max locked memory, i got this error

~$ ulimit -l 1018792
-vbash: ulimit: max locked memory: cannot modify limit: Operation not permitted

Apachez · September 14, 2023, 6:43am

Regarding those arp settings verify that they remain after a reboot in your case.

I dont know if the below would work regarding ulimit (as workaround until you update to 1.4 or newer).

Edit /etc/security/limits.conf and put these lines at the bottom, save and then reboot the box:

* soft  memlock  1018792
* hard  memlock  1048576

After reboot do another ulimit -a and see if “max locked memory” have changed or not?

tantomo · September 14, 2023, 7:36am

Many thanks, I’ll try later. Because it took me some time to be able restart the router.
Or maybe i’ll upgrade to 1.4 or 1.5 rolling just in case.