2002-07-02 23:52:06+0200, Patrick Schaaf <[EMAIL PROTECTED]> ->
> Hi all,
>
> I have put a tarball at http://bei.bof.de/cttest-0.1.tar.gz
> Unpack, look at README, and reproduce the gnuplot pictures I have
> mentioned earlier today (at http://bei.bof.de/ex1/)
>
> I would love to see results from other kinds of workloads.
>
> thanks in advance
>   Patrick

I've tested it on our router data. The router has one major DALnet server (~7000K users) and one minor EFnet server (~700 users) behind it. Also about 1000 student computers.

The DALnet server was attacked today and yesterday with 70K pps ICMP reply. However, I filtered that (in mangle PREROUTING) fast, and I don't know how much impact is shown in the conntrack. I also have limiters on state NEW to prevent attacks from filling the conntrack.

Graphs at: http://aaricia.hemmet.chalmers.se/~gozem/cttest/

Stats for the actual running conntrack are:

    $MODPROBE ip_conntrack hashsize=131072
    echo 262144 > /proc/sys/net/ipv4/ip_conntrack_max

(Yes, meaning the average bucket length is 2, not 8.)

Conntrack was using about 50K slabs according to /proc/slabinfo.

However, looking at the stats, I will change hashsize to a prime number fast :-)

I collected this data at 5am during absolute low time. I'll try again later at prime time :-)

One comment: in your script ctplot you have an absolute path to gnuplot, which I guess not everyone has in the same place as you :-)

-- 
/Joakim Axelsson A.K.A Gozem@EFnet & OPN
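
As an added example (not part of the mail or of cttest): a small shell helper that takes the hashsize and ip_conntrack_max values quoted above, finds the largest prime at or below the hashsize, and prints the resulting settings and average bucket length for review. The function names are hypothetical, and the script only prints; it does not change the running kernel.

```shell
#!/bin/sh
# Added example: sizing helper for the ip_conntrack settings quoted in the mail.
# Function names are hypothetical; nothing here touches the running kernel.

# is_prime N: exit status 0 if N is prime (trial division, fine for table sizes).
is_prime() {
    n=$1
    [ "$n" -ge 2 ] || return 1
    [ "$n" -lt 4 ] && return 0
    [ $((n % 2)) -ne 0 ] || return 1
    d=3
    while [ $((d * d)) -le "$n" ]; do
        [ $((n % d)) -ne 0 ] || return 1
        d=$((d + 2))
    done
    return 0
}

# prev_prime N: print the largest prime <= N (fails for N < 2).
prev_prime() {
    p=$1
    [ "$p" -ge 2 ] || return 1
    while ! is_prime "$p"; do
        p=$((p - 1))
    done
    echo "$p"
}

# avg_chain MAX HASHSIZE: average bucket length with a full table, two decimals.
avg_chain() {
    x=$(( $1 * 100 / $2 ))
    printf '%d.%02d\n' $((x / 100)) $((x % 100))
}

# plan HASHSIZE MAX: print the settings to review, using a prime hashsize.
plan() {
    new=$(prev_prime "$1") || return 1
    echo "modprobe ip_conntrack hashsize=$new"
    echo "echo $2 > /proc/sys/net/ipv4/ip_conntrack_max"
    echo "# average bucket length when full: $(avg_chain "$2" "$new")"
}

# Values from the mail above: hashsize=131072, ip_conntrack_max=262144.
plan 131072 262144
```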