On 5/22/10 5:58 PM, sangprabv wrote: > Yes I agree with you it's all about IPTables , but what made me > wonder is what things that cause the traffics lost here? Is it about > conntrack? Or anything else? Do you have any conntrack or anything > else setup tips?
>> On 5/22/10 5:03 PM, sangprabv wrote: >> >>> Another issue that makes me >>> want to assign each IP on to one dedicated ethernet card is >>> because when partner did stress test by sending around 100.000 >>> requests via ISP A. Shorewall failed to process all, there are >>> some traffics lost here. If the client tried to establish 100,000 simultaneous connections, then the issue is likely conntrack table overflow. Did you look at all at your logs after this test? If you find kernel messages indicating that the table was full, you will need to increase its size. Be sure to also increase the size of the hash table accordingly. Much information is available on this topic -- do a Google search for 'conntrack table full'. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
