Update of /cvsroot/leaf/doc/guide/user-bering-uclibc In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv10206
Added Files: bucu-conntrack.xml Log Message: performance tweaking ip_conntrack --- NEW FILE: bucu-conntrack.xml --- <?xml version="1.0" encoding="UTF-8"?> <chapter> <chapterinfo> <authorgroup> <author> <firstname>K.-P.</firstname> <surname>Kirchdörfer</surname> <affiliation> <address><email>kapeka at users.sourceforge.net</email></address> </affiliation> </author> </authorgroup> <revhistory> <revision> <revnumber>0.1</revnumber> <date>2004-05-01</date> <authorinitials>kp</authorinitials> <revremark>Initial Document</revremark> </revision> </revhistory> </chapterinfo> <title id="bucu-conntrack">Increasing ip_conntrack_max and hashsize</title> <section> <title>Introduction</title> <para>Sometimes the defaults for netfilter conntrack (and thus NAT) does not fit the needs of a high-loaded firewall.</para> <para>The default sizes for ip_conntrack_max and hashsize (the number of seperate connections that can be tracked, and the size of the hash table that keeps track of them, repsectively) defaults to a percentage of your total memory size. This percentage is geared towards a 'general use' workstation with lots more memory (and fewer connections to track) than a typical special-purpose firewall box. The hash table works much better when it's size is a prime number.</para> <para>Beginning with Bering-uClibc 2.2 it is possible to tweak performance, while loading the ip_conntrack module (in <filename>/etc/modules</filename>).</para> </section> <section> <title>HowTo</title> <para>Detailed instructions can be found in the following document: <ulink url="http://www.wallfire.org/misc/netfilter_conntrack_perf.txt">http://www.wallfire.org/misc/netfilter_conntrack_perf.txt</ulink></para> <para>A handy table of prime numbers good for hash table sizes can be found at PlanetMath: <ulink url="http://planetmath.org/encyclopedia/GoodHashTablePrimes.html">http://planetmath.org/encyclopedia/GoodHashTablePrimes.html</ulink></para> </section> <section> <title>Thanks</title> <para>The idea and the information in this chapter is originally from a mail of Charles Steinkuehler sent to [EMAIL PROTECTED]</para> </section> </chapter> ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Leaf-cvs-commits mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-cvs-commits