I thought I would once again tempt fate by saying the versions that we tried here last week are still doing well. Much better than any version we tried of Ipfilter 4.x and Solaris 9+.



SunOS nat04 5.10 Generic i86pc i386 i86pc
 10:03am up 7 day(s), 18:01, 1 user, load average: 0.00, 0.00, 0.00

# ipnat -s
mapped  in      280588939       out     257282001
added   13694365        expired 0
no memory       0       bad nat 37233
inuse   3957
rules   9
wilds   0

# ipfstat
bad packets: in 0 out 0
IPv6 packets: in 0 out 0
input packets: blocked 79214 passed 539011429 nomatch 341931277 counted 0 short 1
output packets: blocked 57964 passed 538750389 nomatch 366210038 counted 0 short 1
input packets logged: blocked 37743 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 17629 output 0
fragment state(in): kept 0 lost 0 not fragmented 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 0 lost 0
packet state(out): kept 0 lost 0
ICMP replies: 0 TCP RSTs sent: 323
Invalid source(in): 0
Result cache hits(in): 158443794 (out): 158420526
IN Pullups succeeded: 688174 failed: 539
OUT Pullups succeeded: 744361 failed: 0
Fastroute successes: 323 failures: 0
TCP cksum fails(in): 6 (out): 0
IPF Ticks: 1339152
Packet log flags set: (0)
none



# ipfstat -s
IP states added:
        79944 TCP
        0 UDP
        0 ICMP
        28250440 hits
        605220050 misses
        0 maximum
        0 no memory
        0 max bucket
        0 maximum
        0 no memory
        1 bkts in use
        1 active
        0 expired
        0 closed
State logging enabled

State table bucket statistics:
        1 in use
        0.02% bucket usage
        0 minimal length
        1 maximal length
        1.000 average length





For testing purposes, I threw my L4 software on one of the smaller clusters of 33 Apache machines, and it didn't mind that either:

Mar  9 14:57:51 netbsd l4ip: cluster 'www' operating at 96.97% health (32/33)




I can't really show the graphs, but it is nice to see we have had 0 packet loss since the change, when the previous year looked like Switzerland. The number of NAT entries is roughly half what it used to be, but that is most likely due to the NAT table TTL being tweaked lower.



Thank you.


Lund


-- 
Jorgen Lundman       | <[EMAIL PROTECTED]>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)
