network: Many interfaces lead to "kernel receive buffer overrun"

[haslersn]

systemd version the issue has been seen with
241, but the relevant code has not changed since.

Used distribution
Debian 10

Expected behaviour you didn't see
systemd-networkd.service should start successfully.

Unexpected behaviour you saw
With about 200 interfaces (100 VLANs and a bridge on each of them), when starting systemd-networkd I get the following error in the journal:

systemd-networkd[1831]: Could not enumerate addresses: No buffer space available

Running sudo SYSTEMD_LOG_LEVEL=debug /lib/systemd/systemd-networkd gives a bit more insight:

rtnl: kernel receive buffer overrun
Could not enumerate addresses: No buffer space available

The buffer that is overrun is probably this one somewhere inside this function.

Steps to reproduce the problem

• Add 100 VLAN interfaces to one of your interfaces/bridges.
• Add a bridge to each of those interfaces
• sudo systemctl restart systemd-networkd

[yuwata]

Could you give us a script or .netdev files to generate the interfaces to reproduce the issue?

[haslersn]

Attached is a .tar file which I had to rename to .txt in order to upload it here.
systemd-network.txt

It is also weird that, using that configuration, starting systemd-networkd.service works on only one of our hypervisors and doesn't work on the other one, where I discovered the mentioned error.

Even more weird: Running sudo /lib/systemd/systemd-networkd gives the mentioned error on both of our hypervisors.

[yuwata]

Hmm, I cannot reproduce the issue with your config. Also, I've tested with 2000 dummy device or 1000 veth interface, but they seem to work fine. Could you test the issue with v244?

[haslersn]

Yes, maybe I can test with a newer version on NixOS or in a VM.

Did you only test via the service, or also by running /lib/systemd/systemd-networkd directly?

[ssahani]

I think this a very complex situation. Rather than we try to reproduce it if you give us that would be more useful. And it should not restricted to one distribution.

[haslersn]

I did not say anything against that. It was a question about your past test.

[ssahani]

Surely not we just trying to get a reproducer so that we can help you solve your problem . Do you figure?

[poettering]

i figure we should just set the socket buffer for the netlink socket ridiculously high, like udev does. Socket memory is nowadays properly accounted properly to the processes owning them, hence that's not even a bad idea.. If we do that, then the issue should not go away, but be very hard to reproduce

[yuwata]

@haslersn I guess a workaround for this issue is extending receive buffer size in systemd-networkd.socket, e.g. by creating the following drop-in file:

[Socket]
ReceiveBuffer=16M

[yuwata]

It is also weird that, using that configuration, starting systemd-networkd.service works on only one of our hypervisors and doesn't work on the other one, where I discovered the mentioned error.

I guess one host enables systemd-networkd.socket, and the other one disables it.

Even more weird: Running sudo /lib/systemd/systemd-networkd gives the mentioned error on both of our hypervisors.

In that case, it is almost equivalent that .socket is disabled. So, it is reasonable.

[poettering]

Bumping ReceiveBuffer= is something we definitely should do by default btw. The workaround @yuwata is not just a workaround, but part of the solution I think.

[haslersn]

Starting systemd-networkd.socket solved the issue! Do you still want to bump the ReceiveBuffer=, or can this be closed?

[andir]

I don't think this has been fixed (entirely). I am running into a very similar case with 200 VLAN interfaces. This is on v245.5 on both NixOS and Fedora 33 (fedora systemctl --version gives v245.5-2.fc33).

On the first start (during system bootup) I am observing timeouts and assertions: https://gist.githubusercontent.com/andir/616f937189d176da86dbe7aa0f65217e/raw/918c9926f66c5788d9de2795dee5200331daf8c5/l (as mentioned in #15669 (comment))

Manually restarting networkd (systemctl restart systemd-networkd) after bootup leads to networkd just exiting with code 1 and the same logged error as originally posted in this issue:

router # [  652.004288] systemd-networkd[1074]: rtnl: kernel receive buffer overrun
router # [  652.005020] systemd-networkd[1074]: Could not enumerate addresses: No buffer space available

Increased buffer size further (1024MB) didn't change that behavior.

The networkd config files that I used are here: https://gist.github.com/andir/7963aa3edcd5b834224515f826f10579 You might have to change the 00-vlans.network file to match whatever hardlink there already is in your test setups.

[andir]

@yuwata This should probable be re-opened as the initial problem isn't gone but only worked around by activating the systemd-networkd.socket unit. I am also not entirely sure the fix introduced in #14434 actually does help at all. From my limited understanding we are running out of buffer space on the kernel side and increasing our receive buffer will probably not help there.

[andir]

I spent a bit more time on this and this bug is indeed partially fixed by the increase of buffer size. At least the rtnl: kernel received buffer overrun messages go away if you set an appropriate value (512MB did it for me) for ReceiveBuffer= in systemd-networkd.socket and obviously also enable that unit.

[tconrado]

by a mistake, instead creating the adapter and moving to its namespace, we created 195 adapters on the host + 3 others that provide the connectivity and we started to get systemd-networkd[2296549]: Could not enumerate addresses: No buffer space available; raising the property ReceiveBuffer=1024M did not help. On the other hand, using namespaces, we can confirm that the system was stable even with 2500 namespaces while all of those had at least 1 IPv6 and some with IPv4. So maybe, this is a "suitable" strategy to deal with multiple IPs (netns)

[haslersn]

2500 namespaces while all of those had at least 1 IPv6 and some with IPv4. So maybe, this is a "suitable" strategy

Not really, as long as systemd-networkd doesn't support configuring network namespaces.

[andir]

by a mistake, instead creating the adapter and moving to its namespace, we created 195 adapters on the host + 3 others that provide the connectivity and we started to get systemd-networkd[2296549]: Could not enumerate addresses: No buffer space available; raising the property ReceiveBuffer=1024M did not help. On the other hand, using namespaces, we can confirm that the system was stable even with 2500 namespaces while all of those had at least 1 IPv6 and some with IPv4. So maybe, this is a "suitable" strategy to deal with multiple IPs (netns)

@tconrado What version of systemd was this with? IIRC the latest release(s) have somewhat mitigated the issue.

[DanielWeeber]

Same problem here with one "real" interface and some docker interfaces. ReceiveBuffer=512M did not help

[apalacheno]

I just stumbled across this issue on Ubuntu 20.04 using Ubuntu's Netplan.io in version 0.102-0ubuntu1~20.04.2. Systemd is at version 245 (245.4-4ubuntu3.6).

I was unable to create more than 21 bridged VLANs. Trying to create more bridged VLANs resulted in symptoms as described above.

Enabling and activating systemd-networkd.socket seems to mitigate this issue. Initial testing suggests that this solution also survives restarts.

[ImmoWetzel]

I also think this should be rewritten or reopened. I had same issues on several up2date machines last week.

[yuwata]

@ImmoWetzel and others, if you still have the issue with recent systemd (currently, v248, v249, or newer), then please open a new issue with debugging logs of networkd and your relevant configs (.network, .netdev, and so on).

Also, please try to increase ReceiveBuffer=128M in systemd-networkd.socket.