You don't. Maybe that's conntrack's default, but you can set it to a higher
number manually. The required memory is approx. 400 bytes per connection (depends on
iptables/kernel compile-time options). The rather conservative default (hashsize
= 1/16384th of RAM) is for a generic system. For more info look at
ip_conntrack_core.c.
65535 connections need about 25MB in RAM, so before starting iptables, do
modprobe ip_conntrack hashsize=8192
(conntrack_max is auto-set to 8*hashsize, this is the recommended relation). In
fact my distro Shurdix automatically sets up larger hashsize than the default,
depending on system memory.
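A sizing helper for the advice above, added here as an example and not part of the list post. It takes the thread's figures as given (about 400 bytes per tracked connection, conntrack_max = 8 * hashsize), assumes 8 bytes per hash bucket, and refuses a table that would eat more than a quarter of RAM, since a conntrack table that is too small is what makes the firewall drop new connections under load.

```shell
#!/bin/sh
# Example (not from the thread): plan an ip_conntrack hashsize for a wanted
# number of connections and sanity-check it against physical RAM.
# Assumptions: 400 bytes per connection and conntrack_max = 8*hashsize (both
# stated in the thread); 8 bytes per hash bucket (my assumption).

BYTES_PER_CONN=400
BUCKET_BYTES=8

# Smallest power-of-two hashsize whose 8*hashsize covers the wanted connections.
conntrack_hashsize() {
    want=$1
    hs=16
    while [ $((hs * 8)) -lt "$want" ]; do
        hs=$((hs * 2))
    done
    echo "$hs"
}

# Approximate kernel memory in bytes for a hashsize: entries plus bucket heads.
conntrack_mem_bytes() {
    hs=$1
    echo $(( hs * 8 * BYTES_PER_CONN + hs * BUCKET_BYTES ))
}

# Print the modprobe line for a wanted connection count. RAM in KB may be given
# as the second argument; otherwise it is read from /proc/meminfo. Returns 1
# (and prints nothing on stdout) when the table would exceed 1/4 of RAM.
conntrack_plan() {
    want=$1
    ram_kb=${2:-$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)}
    hs=$(conntrack_hashsize "$want")
    need_kb=$(( $(conntrack_mem_bytes "$hs") / 1024 ))
    if [ "$need_kb" -gt $(( ram_kb / 4 )) ]; then
        echo "refuse: hashsize=$hs needs ~${need_kb}KB, over 1/4 of ${ram_kb}KB RAM" >&2
        return 1
    fi
    echo "modprobe ip_conntrack hashsize=$hs   # conntrack_max=$((hs * 8)), ~${need_kb}KB"
}

# Example run with the thread's numbers: 65535 connections on a 256MB box.
# conntrack_plan 65535 262144
```

For 65535 connections this yields hashsize=8192 and roughly 25MB, matching the figure quoted in the thread.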
Hmm, I did not have much time to solve this problem at the time and
documentation was hard to come by at the time and what I did find was old.
Alas, I was not subscribed to this list to ask for help either. Note that things
have changed since then. :)
While a redundant system is indeed a good idea, I recommend making sure the
router is rock stable. This doesn't necessarily require high-end / fast
hardware, but it is recommended to stress test it before going live
(memtest/cpuburn/whatever).
My tip is not to use "primitive" network cards like those based on the rtl8139 where
you require high bandwidth. This has the most noticeable impact on performance.
I have had OK experience with 3Com's; I've heard Intel's are even better.
I would agree to both points. I have had good luck with the rtl8139s on Cable / DSL and T1 routers
but I would want something better (3C905x cards) for a much higher bandwidth installation. The
redundant (identical) system is for those cases where the cleaning crew and / or momma nature and /
or Mr Murphy have their way with your box. We have all had it happen (or will) in some way or
another at some time. It is not "if" a box will fail in some way, but rather
"when". The failure may not be anything you could prevent. I think the storms in
Florida this year are a good example of that.
Grant. . . .
_______________________________________________
LARTC mailing list
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc