On Wed, 4 May 2005, bharathi wrote:

> I am planning to implement iptables log feature on a server
> machine (Dual xeon processor, Intel e100 cards, 80GB SCSI and 2GB RAM)
> which is running in bridge mode (On RH 7.3). The average traffic on this
> machine is vary from 40-60Mbps. Hence I require some suggestion for some
> my questions like,

That seems to be a decent machine.

> 1) On this High traffic the kernel will be stable/crash ?

We tested netfilter in Gbit environment and could pump through 200,000pps, when NAT-ing all the traffic. There was no stability problem whatsoever.

> 2) What would be the CPU Load and the server is able to do this job
> without any pain ?

If there will be no exotic and expensive matches like 'string', then there shouldn't be CPU problems. However, choosing a good system bus, nice interfaces and fastest RAM you can get will serve well.

> 3) Up to how much traffic the iptables/kernel can able to handle without
> any issue and what should I do additionally if I need the
> iptable-log should handle this much traffic?

Set up another machine connected via a third interface directly and let that machine fight with the disk I/O issues. Use the ULOG target instead of LOG. (And of course disable logging on the console :-)

Best regards,
Jozsef
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary