> -----Original Message----- > From: Bill Marquette [mailto:[EMAIL PROTECTED] > Sent: 28 February 2006 14:00 > To: [email protected] > Subject: Re: [pfSense Support] Running out of states again > > You could turn on aggressive state control - that's in the > System->Advanced screen. I'm assuming that you are memory limited or > you would have just cranked the state table size. The 10K default is > rather on the conservative side, we could probably scale the defaults > based on system memory post 1.0 - in fact, I'll jot that down as a > TODO. We do have low end machines (Soekris 4501 w/ 64M ram comes to > mind), so limiting the number of states in those machines is crucial. > Each state entry when allocated eats approx 1K of memory. FWIW, I run > my machines at work with 128,000 states and occasionally bump up > against that on my biggest box. During our next upgrade cycle I plan > on bumping that limit to 256,000. But all these machines have 1-2G of > ram in them and can easily handle the loss of a few hundred meg in > states (ram is cheaper than a dropped connection anyway). > > There are also per rule settings, but I don't think we expose the > adaptive controls (if they even existed in OpenBSD 3.7?). I've > personally found them to be more pain than they're worth, expiring > potentially good states to keep from resource starvation. Again, it's > cheaper for me to just throw hardware at it than spend any time tuning > it or dropping connections (and having them get noticed).
Ah, that makes sense now, I've just bumped mine up to 128000 as well, the machine has 1Gb of memory so I'll keep an eye on it. Thanks for the explanation as I was unsure as to what size would be acceptable for the state table. Cheers --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
