ip_conntrack_core and floods with different ports (again :)
Martin Josefsson
gandalf@wlug.westbo.se
Fri, 2 Jun 2000 17:01:19 +0200 (CEST)
Hi
This is not a failure report.
I applied Rustys patch against 2.4.0test1 and now it works just fine.
As a little test (I was curious) I upped
/proc/sys/net/ipv4/ip_conntrack_max a bit while running udpsic, tcpsic,
icmpsick and isic throu the router (doing NAT).
with 8192, 16384 it works fine, with 32768 the connections to the outside
world becomes a little sluggish but not much, with 65535 The connections
became real sluggish.
I know that this is because we have to go over the hashes to find a
connection to throw out to make room for the new one. And this is beeing
done all the time.
I was just wondering if there's any tweaks that can be done so that it
doesn't hurt the performance to much.
/Martin
PS. this was on a dual pIII 550 with 128MB ram. and netfilter compiled
without debugging
The three best things about going to school are June, July, and August.