On 9/22/05, nate <[EMAIL PROTECTED]> wrote:
> Greetings
>
> I don't have a good way to test generating large numbers
> of states so I was wondering for a server with 2GB of memory
> which all it does is pf how many states can it handle? I
> started with the default of 10k, exausted that pretty quick,
> then upped it to 32k about 3 weeks ago then exausted that,
> upgraded it to 90k last night, and just now I see it hovering
> at around 70k.
>
> OpenBSD 3.7 with Intel Xeon 3.4Ghz CPU 2GB memory, 8 "em"
> interfaces(only 1 of which is being used by pf at this
> time for state info)
Been wondering what the max states are myself. I've got a 3.7
firewall box set up that's currently routing around 20-30Mb/s (with a
pps rate of round 2.5 -3k), and I've seen state table entries over
100k a couple of times. I went ahead and set my limit at 200k, and
we've not yet approached that, so I'm just watching it to see if I
need to up it some more.
As far as general resources, the box itself is bored silly. I
especially like that the interrupts have consistently stayed at zero
(though I'll admit it's got good I/O - Gigabit Ethernet cards
installed in 133Mhz PCI-X slots, which is really the only way to go).
State Table Total Rate
current entries 85143
searches 23873195139 6541.3/s
inserts 393193087 107.7/s
removals 393107944 107.7/s
load averages: 0.09, 0.11, 0.08
22:54:30
36 processes: 35 idle, 1 on processor
CPU states: 0.0% user, 0.0% nice, 0.2% system, 0.0% interrupt, 99.8% idle
Memory: Real: 17M/151M act/tot Free: 853M Swap: 0K/2048M used/tot
No worries so far.
