On Tue, 17 Oct 2006, Retesh wrote: > I want to increase the number of IPsets in a system to a high number > say 50000 (default is 255). What will be the impact on performance? No problem - the sets are referred by index in netfilter (i.e in the iptables rules). The set *creation* in such a high number can take a while, however. > Has someone tried this, or can some explain the implementation of the > ipsets, so that I can estimate the impact on kernel? I haven't heard about such an extreme setup. But if such a high number of sets are really required I'd investigate other solutions like nf-hipac, which might easily be a better solution. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary
