Hello, I've tried to change ipt_conntrack hashsize and con under my debian charge but doesn't work ! Ive got 2876Mb available for conntrack so I've done (according to some previous mail and this http://www.wallfire.org/misc/netfilter_conntrack_perf.txt) CONNTRACK_MAX = 2876 * 64 = 184064 HASHSIZE = 2876 * 8 = 23002 But the near power of 2 is 2^16 = 131072 ... I'm not sure that if it better to put 184064 or 131072 ? Seems that netfilter algorythm is more eficient with power of 2 value ? I can set the CONNTRACK_MAX value but not the HASHSIZE ... I've tried add hashsize= paremeter in /etc/modules or in /etc/modprobe.d/arch/i386 and I've done an "update-modules" ... When reboot the server the value still 8192 ???? Any Ideas ? Moreover I've read somewhere that is better to augment HASHSIZE value to 1:2 ratio ... in my case 65440 But how can I determine the best value ? My computer is P4 Hyper Threading 3.6 Ghz ... Might be I should put 131072 as CONNTRACK_MAX ? This server is a bridge that only do L7 QoS (filter + o - 70 Mbits for > 600 customers ). # cat /etc/sysctl.conf net.ipv4.netfilter.ip_conntrack_max = 131072 #cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max 131072 # cat /proc/sys/net/ipv4/netfilter/ip_conntrack_buckets 8192 #cat /etc/modprobe.d/arch/i386 alias eth0 tg3 alias eth1 tg3 alias eth2 e1000 options ipt_conntrack hashsize=65440 Many thanks for you help Regards _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
