On Monday 02 August 2004 7:15 pm, Small, Jim wrote:

> I'm curious, what is the maximum number of concurrent connections possible
> with IPTables using connection tracking for udp and for tcp? (using latest
> 2.4 kernel and 2.6 kernel)

Depends on the amount of memory in your machine, and the setting of
/proc/sys/net/ipv4/ip_conntrack/max

Each connection uses about 300 bytes (see output of dmesg for the exact size
for your particular system), therefore a system with 1Gbyte RAM could support
about 3.5 million connections.

> I'm currently taking a Cisco firewall class and they're claiming that PIX
> which supports 500,000 concurrent connections with the appliance version
> and 1,000,000 with the blade version vastly exceeds the capabilities of all
> general purpose O/S'.

I've never tested a firewall with >256Mbytes RAM, and I'd be hard pushed to
think of a way to effectively test >1 million connections too (sure, you could
use a Windows machine infected with a worm, but that would test half-open
connections with nothing on the other end, not real connections passing data).

Regards,

Antony.

-- 
90% of networking problems are routing problems. 9 of the remaining 10% are
routing problems in the other direction. The remaining 1% might be something
else, but check the routing anyway.

Please reply to the list; please don't CC me.
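The sizing rule in the reply above (RAM divided by the per-entry size reported in dmesg) can be turned into a small capacity-planning check. The following Python is an added example and is not from the list thread or the netfilter project; the dmesg line it parses is a constructed sample in the banner format the 2.4/2.6 ip_conntrack module printed at load time, and the reserve fraction is an assumed planning margin rather than anything the kernel enforces.

```python
import re

# Constructed sample of the ip_conntrack load-time banner (values are illustrative,
# not captured from a real host). The format is:
#   ip_conntrack version X.Y (<buckets> buckets, <max> max) - <N> bytes per conntrack
SAMPLE_DMESG = (
    "ip_conntrack version 2.1 (8192 buckets, 65536 max) - 300 bytes per conntrack\n"
)

CONNTRACK_BANNER = re.compile(
    r"ip_conntrack version \S+ \((?P<buckets>\d+) buckets, (?P<max>\d+) max\)"
    r" - (?P<size>\d+) bytes per conntrack"
)


def parse_conntrack_banner(text):
    """Return (buckets, configured_max, bytes_per_entry) from a dmesg dump, or None if absent."""
    m = CONNTRACK_BANNER.search(text)
    if m is None:
        return None
    return int(m["buckets"]), int(m["max"]), int(m["size"])


def max_entries_for_ram(ram_bytes, bytes_per_entry, reserve_fraction=0.0):
    """Upper bound on conntrack entries that fit in ram_bytes.

    reserve_fraction is an assumed planning margin: the share of RAM you want to keep
    free for everything else on the box (kernel, userspace, socket buffers).
    """
    if not 0.0 <= reserve_fraction < 1.0:
        raise ValueError("reserve_fraction must be in [0, 1)")
    usable = int(ram_bytes * (1.0 - reserve_fraction))
    return usable // bytes_per_entry


def average_chain_length(buckets, configured_max):
    """Entries per hash bucket when the table is full; long chains mean slower lookups."""
    return configured_max / buckets


def capacity_report(dmesg_text, ram_bytes, reserve_fraction=0.25):
    """Combine the parsed banner with the machine's RAM into a planning summary."""
    parsed = parse_conntrack_banner(dmesg_text)
    if parsed is None:
        return None
    buckets, configured_max, size = parsed
    return {
        "bytes_per_entry": size,
        "configured_max": configured_max,
        "ram_bound": max_entries_for_ram(ram_bytes, size, reserve_fraction),
        "avg_chain_at_max": average_chain_length(buckets, configured_max),
    }


if __name__ == "__main__":
    # 1 GiB of RAM at 300 bytes per entry reproduces the "about 3.5 million" figure.
    print(max_entries_for_ram(1 << 30, 300))
    print(capacity_report(SAMPLE_DMESG, 1 << 30))
```

The RAM bound is only an upper limit; the value that actually matters operationally is the configured maximum, because once the table is full the kernel drops packets for new flows, which is the failure mode a flooding attacker aims for. Raising the maximum without also raising the bucket count lengthens the hash chains (the `avg_chain_at_max` figure), so lookups slow down exactly when the table is under the most pressure.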