Re: dyn buckets

[Luigi Rizzo]

On Fri, Sep 10, 2004 at 03:51:48PM -0400, Don Bowman wrote:
> From: [EMAIL PROTECTED]
> > I have a firewall running 4.10 that handles around 
> > 20mbits/sec of traffic 
> > and has around 500 ipfw rules.
> > 
> > Lately I've noticed that net.inet.ip.fw.curr_dyn_buckets 
> > seems to be maxing 
> > out.  I've increased net.inet.ip.fw.dyn_buckets a few times, 

what hits the limit is the number of rules not the number
of buckets -- try raising net.inet.ip.fw.dyn_max as
suggested.

cheers
luigi

> > but they seem 
> > to max out each time.
> > 
> > Is there any problem with increasing 
> > net.inet.ip.fw.dyn_buckets far beyond 
> > the default?  (I'm at 2048 now)
> 
> I use 
> net.inet.ip.fw.dyn_buckets=16384
> net.inet.ip.fw.dyn_syn_lifetime=5
> net.inet.ip.fw.dyn_max=32000
> 
> 
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: dyn buckets

[Don Bowman]

From: [EMAIL PROTECTED]
> I have a firewall running 4.10 that handles around 
> 20mbits/sec of traffic 
> and has around 500 ipfw rules.
> 
> Lately I've noticed that net.inet.ip.fw.curr_dyn_buckets 
> seems to be maxing 
> out.  I've increased net.inet.ip.fw.dyn_buckets a few times, 
> but they seem 
> to max out each time.
> 
> Is there any problem with increasing 
> net.inet.ip.fw.dyn_buckets far beyond 
> the default?  (I'm at 2048 now)

I use 
net.inet.ip.fw.dyn_buckets=16384
net.inet.ip.fw.dyn_syn_lifetime=5
net.inet.ip.fw.dyn_max=32000


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"