Memory Issue Resolution
Attention! Do not change these parameters on your own. Please contact technical support for assistance.
mem_tracking_flow
— the amount of memory allocated for processing IPv4 flow when SSG starts.
Each processed flow will be placed in this memory and will be processed according to the policies and rules defined in the configuration. The occupancy of this pool can be monitored in/var/log/dpi/fastdpi_stat.log
(as described here). If the pool is exhausted, SSG will no longer be able to process new flows.mem_preset
— the method of memory initialization in DPI.
DPI allocates memory statically: at the start of the process and when creating some service profiles (such as NAT, blacklists, and whitelists), additional memory is not allocated during operation. Memory consumption grows because the Linux OS distinguishes between resident (marked as RES in top) and virtual (marked as VIRT in top) memory of the process. The peculiarity is that until the memory is initialized (actually initialized with zero), it is not recorded by Linux as resident and is moved there as it is initialized.
Settingmem_preset=1
in the/etc/dpi/fastdpi.conf
file allows DPI to initialize almost all allocated memory at the start of the process. This prevents the growth of resident memory (RES) during operation, as the memory is fully initialized immediately. However, this mode slows down the system start and requires a sufficient amount of physical RAM. It is recommended to take this factor into account and monitor the consumption of virtual (VIRT) and resident (RES) memory.mem_ssl_parsers
— the amount of memory allocated for SSL processing when SSG starts.
A clear sign that the current pool size is insufficient is the presence of errors in/var/log/dpi/fastdpi_slave_*.log
such as:[ERROR ][000000118902699100][042E5F001EF5C480] Can't allocate record ssl_state : IP : <IP:port> --> <IP:port> [ERROR ][000000118902954180][042E5F001EF5C50B] Can't allocate record ssl_state_sni : IP : <IP:port> --> <IP:port>
A lack of SSL parsers can lead to problems in processing HTTPS traffic (which may affect filtering by RKN lists).
If such errors occur, it is recommended to increase themem_ssl_parsers
value by 1.5 - 2 times (considering the amount of free RAM).