Ronny
At 23:14 08.10.2004 +0200, Ronny Aasen wrote:
>using bering and bering-uclibc, for routers not firewalls
>i keep running into the arp table limit and the ip_conntrack limit.
>
>the arp limit is noticed by the message 'neighbour table overflow' in
>dmesg, and fixed by
>
>echo 16 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
>echo 256 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
>echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
>
>more info at: http://www.rstack.net/tuning_proc_for_arp.html
>
>the ip_conntrack limit is noticed by 'ip_conntrack table full dropping
>packet'
>
>and fixed by something like
>echo 65000 > /proc/sys/net/ipv4/ip_conntrack_max
>
>both of these limits make the box drop packets.
>
>so my question is.
>Can these entries be incorporated into the lrcfg menu somewhere.
>with a lot of the nice comments that we've all come to love :)
>
>i have noticed most of these limits the hard way. By customers
>complaining about poor performance at the worst possible time (tm)
>
>or is there already such a system, and i am just too blind to spot it ?
>the network.options maybe ?
good point IMHO
you can try this
/etc/network/options:
ip_forward=no
spoofprotect=yes
syncookies=no
# adjust arp table
arp_table_adjust=yes
gc_stale_time=15 # stale time for arp entries
default_gc_stale_time=15 # default stale time for arp entries
gc_interval=5 # arp garbage collection interval
gc_thresh1=256 # arp garbage collection lower threshold
gc_thresh2=2048 # arp garbage collection aggressive threshold
gc_thresh3=4096 # arp garbage collection upper threshold
and the following code fragment in /etc/init.d/networking
.......
arp_table_adjust()
{
    . /etc/network/options
    echo "adjusting arp table values..."
    echo "adjusting the arp entry stale time..."
    [ X$gc_stale_time != "X" ] && for i in `find /proc/sys/net/ipv4/neigh/ -name gc_stale_time |
    do
        echo $gc_stale_time > $i
    done
    [ X$default_gc_stale_time != "X" ] && echo $default_gc_stale_time > /proc/sys/net/ipv4
    echo adjusting the garbage collector interval
    [ X$gc_interval != "X" ] && echo "echo $gc_interval > /proc/sys/net/ipv4/neigh/default/gc_in
    echo adjusting the arp table thresholds
    [ X$gc_thresh1 != "X" ] && echo $gc_thresh1 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
    [ X$gc_thresh2 != "X" ] && echo $gc_thresh2 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
    [ X$gc_thresh3 != "X" ] && echo $gc_thresh3 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
    echo "done..."
}
doopt () {
    optname=$1
    default=$2
    opt=`grep "^$optname=" /etc/network/options`
    if [ -z "$opt" ]; then
        opt="$optname=$default"
    fi
    optval=${opt#$optname=}
    if [ "$optval" = "yes" ]; then
        eval $optname
    fi
}
case "$1" in
start)
    doopt spoofprotect yes
    doopt syncookies no
    doopt ip_forward no
    doopt arp_table_adjust no
......
I will do a patch later
cheers
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
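
Added example (not part of the original thread and not LEAF project code): a POSIX sh check that reports how close the ARP table and the conntrack table are to the limits discussed above, so the overflow is noticed before packets are dropped. Using /proc/net/arp as an approximation of the neighbour table, /proc/net/ip_conntrack as the connection list, the 80% warning level and the sample data are assumptions; the two limit paths are the ones quoted in the thread.

```sh
# Added example: report how close the ARP and conntrack tables are to their limits.
# Entry counts for /proc/net/arp (line 1 is a header) and /proc/net/ip_conntrack style files.
arp_entries() { awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }' "$1"; }
conntrack_entries() { awk 'NF > 0 { n++ } END { print n + 0 }' "$1"; }
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# usage_state CURRENT LIMIT [WARN_PCT]: prints ok, warn, full or invalid.
usage_state() {
    cur=$1; limit=$2; warn_pct=${3:-80}
    if ! is_uint "$cur" || ! is_uint "$limit" || [ "$limit" -eq 0 ]; then
        echo invalid; return 0
    fi
    if [ "$cur" -ge "$limit" ]; then echo full
    elif [ $((cur * 100)) -ge $((limit * warn_pct)) ]; then echo warn
    else echo ok; fi
}

# report NAME CURRENT LIMIT: prints one status line, non-zero status unless ok.
report() {
    state=$(usage_state "$2" "$3")
    echo "$1: $2/$3 $state"
    [ "$state" = ok ]
}

# check_tables ARP_FILE GC_THRESH3_FILE CONNTRACK_FILE CONNTRACK_MAX_FILE
check_tables() {
    rc=0
    report arp "$(arp_entries "$1")" "$(cat "$2")" || rc=1
    report conntrack "$(conntrack_entries "$3")" "$(cat "$4")" || rc=1
    return $rc
}

# demo: runs the check on constructed sample data (not from a real router).
demo() {
    d=$(mktemp -d) || return 2
    { echo 'IP address HW type Flags HW address Mask Device'
      for n in 1 2 3 4; do echo "192.0.2.$n 0x1 0x2 00:00:5e:00:53:0$n * eth0"; done
    } > "$d/arp"
    for p in 1025 1026; do echo "tcp 6 431999 ESTABLISHED src=192.0.2.10 sport=$p"; done > "$d/ct"
    echo 5 > "$d/thresh3"; echo 65000 > "$d/ct_max"
    status=0; check_tables "$d/arp" "$d/thresh3" "$d/ct" "$d/ct_max" || status=$?
    rm -rf "$d"; return $status
}

if [ "${1:-}" = "--live" ]; then   # the router's own tables (kernel of this thread's era)
    check_tables /proc/net/arp /proc/sys/net/ipv4/neigh/default/gc_thresh3 \
        /proc/net/ip_conntrack /proc/sys/net/ipv4/ip_conntrack_max
elif [ "${1:-}" = "--demo" ]; then demo
fi
```

Run with --live from cron or a monitoring hook on the router; a non-zero exit status means at least one table is at or above the warning level.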