foxy 202 wrote:

> Hi all,
> I manage a network with two connections with 100Mbit.
> In the past, when the network wasn't so loaded, everything was OK; now
> in peak hours the load on the border server is from 1.0 to 1.5 / it isn't so
> big /
> and for me it is very strange why I have an increase of ping timeout
> from 0.5-5 ms in normal hours to 50-100 ms in peak hours..
>
> The server has good hardware:
> AMD 64 Dualcore 3800+
> Intel Gigabit Ethernet
> 1 GB RAM
> Debian sarge 2.6.16 #2 SMP kernel
>
> I use about 240 mangle rules with iptables to mark download traffic and to
> limit it, but when I try to load more rules the server increases load and
> begins to drop packets :(
>
> My question is why, when I try to load 200 new mangle rules / only
> mangle rules /, the server load average increases and the ping timeout increases
> to 50-100 ms?
> And second, what is the better solution for networks with more than
> 100Mbit traffic..
> to use iptables mangle rules + u32, or to use more u32 filters and
> fewer mangle rules?
>
> Actually I don't have experience with such big traffic, and any
> advice is welcome.
>
> Best Regards
> Emil

Emil,

I don't have any real answers but I encountered the same problem you have, except your hardware is a lot better than mine. I'd load 255 rules and the keyboard would become unresponsive and the network was terribly slow. Not just pings, everything.

I changed the NIC and that helped. I've forgotten what I replaced it with, but it uses the Tulip driver and it is 100Mbit.

I changed the iptables source code for connection tracking. TCP conntrack is set to track connections for 5 DAYS! If I recall correctly, I changed that to 20 minutes. That reduced the size of /proc/net/ip_conntrack and that at least made the keyboard OK, but it was still not enough.

You should search the mailing list archives for hashing. (I gave up trying to maintain 255 marks.)
-- 
gypsy
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
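The hashed u32 filters gypsy points to, and the sysctl form of the conntrack timeout he changed in source, as an added example that is not part of the thread. The interface name, the HTB handle 1:, one class 1:<hex last octet> per host and the 10.0.0.0/24 range are assumptions; the sysctl key is the current one (on 2.6.x kernels it was net.ipv4.netfilter.ip_conntrack_tcp_timeout_established).

```shell
#!/bin/sh
# Added example: replace one iptables MARK rule per host with a 256-slot
# u32 hash table on the egress qdisc, so each packet costs one bucket lookup
# instead of a linear walk through hundreds of mangle rules.
# Assumed (constructed): eth0 is the inside interface, root qdisc handle 1:,
# classes 1:01 .. 1:fe already exist, hosts live in 10.0.0.0/24.
TC=${TC:-echo tc}          # prints the commands; run with TC=tc to apply them
DEV=${DEV:-eth0}
NET=${NET:-10.0.0}

# Root table 800::, a 256-bucket table with handle 2:, and a link from the
# root table keyed on the low byte of the destination IP (offset 16 in the
# IP header), since the thread is about shaping download traffic.
setup_hash_table() {
    $TC filter add dev "$DEV" parent 1:0 prio 5 protocol ip u32
    $TC filter add dev "$DEV" parent 1:0 prio 5 handle 2: protocol ip u32 divisor 256
    $TC filter add dev "$DEV" parent 1:0 prio 5 protocol ip u32 ht 800:: \
        match ip dst "$NET.0/24" hashkey mask 0x000000ff at 16 link 2:
}

# One exact-match filter per host, placed directly in its bucket. Bucket
# numbers and class minor ids are hexadecimal, hence the printf '%x'.
add_host() {
    host=$1                        # last octet, decimal
    bucket=$(printf '%x' "$host")
    $TC filter add dev "$DEV" parent 1:0 prio 5 protocol ip u32 ht "2:$bucket:" \
        match ip dst "$NET.$host" flowid "1:$bucket"
}

# The conntrack change without patching source: the default timeout for an
# established TCP flow is 432000 s (5 days); 1200 s is gypsy's 20 minutes.
# A smaller table means fewer entries to scan and less memory under load.
conntrack_timeout_cmd() {
    echo "sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=$1"
}

setup_hash_table
i=1
while [ "$i" -le 254 ]; do
    add_host "$i"
    i=$((i + 1))
done
conntrack_timeout_cmd 1200
```

Run as-is it only prints the tc and sysctl commands for review; `TC=tc sh script.sh | sh` applies them once the classes exist.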