On Thu, Jul 19, 2007 at 05:18:19PM -0700, Konstantin Svist wrote: > alright, so far I have: > > net.ipv4.tcp_window_scaling = 1 > net.ipv4.tcp_syncookies = 1 > net.core.rmem_max = 16777216 > net.core.wmem_max = 16777216 > net.ipv4.tcp_rmem = 4096 87380 16777216 > net.ipv4.tcp_wmem = 4096 65536 16777216 > net.ipv4.tcp_no_metrics_save = 1 AFAIK those values do not influence netfilter performance, just local tcp socket performance. > net.ipv4.netfilter.ip_conntrack_max = 1024000 > > > what would you recommend for the buckets? is default (8192) reasonable? At the moment I am always setting this to the value of ip_conntrack_max (on the theory that this should result in constant lookup times), as I can spare the memory. But I haven't run any real performance tests with lower hash bucket counts.... The FAQ says though, that one should use odd hash bucket counts, so you might want to decrease that by one.
Attachment:
signature.asc
Description: Digital signature
