NG Firewall is made up of two general classes of programs - the Untangle Virtual Machine and the rack applications themselves. The Untangle Virtual Machine (or UVM) is a collection of Java classes that runs entirely inside a Java Virtual Machine (JVM). Memory used by the UVM is represented as memory used by the Java process on the system. Memory released by the UVM must be processed by the JVM garbage collector before being released to the operating system.
The other class of programs are the ancillary daemons that operate on network packets - examples include Spam Blocker (spamassassin), Application Control (classd) or Virus Blocker Lite (clamav). These processes all use their own memory which is directly acquired from the operating system.
Linux also uses any free memory for temporary storage of data as it moves it around the system. This greatly speeds up I/O operations.
With all that being said, we can take a look at a few graphs from a real NG Firewall system:
The Memory Usage report displays the actual usage of the real or physical RAM. This graph can give you an indication of an issue occurring over a time period. Green indicates usage, white indicates free memory.
The Swap Usage report, naturally, displays the amount of memory swap that is occurring on the appliance. Swapping is the process whereby a page of memory is copied to the pre-configured space on the hard disk, called swap space, to free up that page (chunk) of memory. A little bit of swap usage is okay. (More on that in the conclusion below.)
Here is the output of free -m command on the system (numbers are in MB):
The first line line shows "free memory" that doesn't include buffers (the temporary cache). To get the real free memory, you want the second line, which counts buffers as free memory. As you can see, the system has 720MB free.
A little bit of swap usage is okay as it's mostly "idle" memory that can't be accessed or duplicated memory that isn't pulled into real memory unless it's being written to. Generally speaking, we don't want to see swap growing. If your NG Firewall starts swapping, bad things can start happening. If a system like the NG Firewall (which is mostly performing I/O operations) starts swapping, things start to go downhill very quickly. NG Firewall will likely not be accessible through the web GUI and appears to stop passing traffic, however it's really just busy working on packets that were sent to it previously. As it gets further behind, traffic actually stops getting sent (people stop trying to use the network because it's down) and after a few minutes it recovers.
In situations such as the one laid out above, adding RAM should help.Follow