user-bering-uclibc bucu-conntrack.xml,NONE,1.1

KP Kirchd?rfer Sat, 01 May 2004 12:20:06 -0700

Update of /cvsroot/leaf/doc/guide/user-bering-uclibc
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv10206


Added Files:
        bucu-conntrack.xml 
Log Message:
performance tweaking ip_conntrack


--- NEW FILE: bucu-conntrack.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<chapter>
  <chapterinfo>
    <authorgroup>
      <author>
        <firstname>K.-P.</firstname>

        <surname>Kirchdörfer</surname>

        <affiliation>
          <address><email>kapeka at users.sourceforge.net</email></address>
        </affiliation>
      </author>
    </authorgroup>

    <revhistory>
      <revision>
        <revnumber>0.1</revnumber>

        <date>2004-05-01</date>

        <authorinitials>kp</authorinitials>

        <revremark>Initial Document</revremark>
      </revision>
    </revhistory>
  </chapterinfo>

  <title id="bucu-conntrack">Increasing ip_conntrack_max and hashsize</title>

  <section>
    <title>Introduction</title>

    <para>Sometimes the defaults for netfilter conntrack (and thus NAT) does
    not fit the needs of a high-loaded firewall.</para>

    <para>The default sizes for ip_conntrack_max and hashsize (the number of
    seperate connections that can be tracked, and the size of the hash table
    that keeps track of them, repsectively) defaults to a percentage of your
    total memory size. This percentage is geared towards a &#39;general
    use&#39; workstation with lots more memory (and fewer connections to
    track) than a typical special-purpose firewall box. The hash table works
    much better when it&#39;s size is a prime number.</para>

    <para>Beginning with Bering-uClibc 2.2 it is possible to tweak
    performance, while loading the ip_conntrack module (in
    <filename>/etc/modules</filename>).</para>
  </section>

  <section>
    <title>HowTo</title>

    <para>Detailed instructions can be found in the following document: <ulink
    
url="http://www.wallfire.org/misc/netfilter_conntrack_perf.txt";>http://www.wallfire.org/misc/netfilter_conntrack_perf.txt</ulink></para>

    <para>A handy table of prime numbers good for hash table sizes can be
    found at PlanetMath: <ulink
    
url="http://planetmath.org/encyclopedia/GoodHashTablePrimes.html";>http://planetmath.org/encyclopedia/GoodHashTablePrimes.html</ulink></para>
  </section>

  <section>
    <title>Thanks</title>

    <para>The idea and the information in this chapter is originally from a
    mail of Charles Steinkuehler sent to [EMAIL PROTECTED]</para>
  </section>
</chapter>


-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Leaf-cvs-commits mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-cvs-commits

[Leaf-cvs-commits] doc/guide/user-bering-uclibc bucu-conntrack.xml,NONE,1.1

Reply via email to