Sébastien CRAMATTE
2007-Apr-17 18:24 UTC
Can''t change ipt_conntrack hashsize under debian sarge ???
Hello, I''ve tried to change ipt_conntrack hashsize and con under my debian charge but doesn''t work ! Ive got 2876Mb available for conntrack so I''ve done (according to some previous mail and this http://www.wallfire.org/misc/netfilter_conntrack_perf.txt) CONNTRACK_MAX = 2876 * 64 = 184064 HASHSIZE = 2876 * 8 = 23002 But the near power of 2 is 2^16 = 131072 ... I''m not sure that if it better to put 184064 or 131072 ? Seems that netfilter algorythm is more eficient with power of 2 value ? I can set the CONNTRACK_MAX value but not the HASHSIZE ... I''ve tried add hashsize= paremeter in /etc/modules or in /etc/modprobe.d/arch/i386 and I''ve done an "update-modules" ... When reboot the server the value still 8192 ???? Any Ideas ? Moreover I''ve read somewhere that is better to augment HASHSIZE value to 1:2 ratio ... in my case 65440 But how can I determine the best value ? My computer is P4 Hyper Threading 3.6 Ghz ... Might be I should put 131072 as CONNTRACK_MAX ? This server is a bridge that only do L7 QoS (filter + o - 70 Mbits for> 600 customers ).# cat /etc/sysctl.conf net.ipv4.netfilter.ip_conntrack_max = 131072 #cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max 131072 # cat /proc/sys/net/ipv4/netfilter/ip_conntrack_buckets 8192 #cat /etc/modprobe.d/arch/i386 alias eth0 tg3 alias eth1 tg3 alias eth2 e1000 options ipt_conntrack hashsize=65440 Many thanks for you help Regards
Sébastien CRAMATTE
2007-Apr-18 08:45 UTC
Can''t change ipt_conntrack hashsize under debian sarge ???
Hello, I''ve tried to change ipt_conntrack hashsize and con under my debian charge but doesn''t work ! Ive got 2876Mb available for conntrack so I''ve done (according to some previous mail and this http://www.wallfire.org/misc/netfilter_conntrack_perf.txt) CONNTRACK_MAX = 2876 * 64 = 184064 HASHSIZE = 2876 * 8 = 23002 But the near power of 2 is 2^16 = 131072 ... I''m not sure that if it better to put 184064 or 131072 ? Seems that netfilter algorythm is more eficient with power of 2 value ? I can set the CONNTRACK_MAX value but not the HASHSIZE ... I''ve tried add hashsize= paremeter in /etc/modules or in /etc/modprobe.d/arch/i386 and I''ve done an "update-modules" ... When reboot the server the value still 8192 ???? Any Ideas ? Moreover I''ve read somewhere that is better to augment HASHSIZE value to 1:2 ratio ... in my case 65440 But how can I determine the best value ? My computer is P4 Hyper Threading 3.6 Ghz ... Might be I should put 131072 as CONNTRACK_MAX ? This server is a bridge that only do L7 QoS (filter + o - 70 Mbits for> 600 customers ).# cat /etc/sysctl.conf net.ipv4.netfilter.ip_conntrack_max = 131072 #cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max 131072 # cat /proc/sys/net/ipv4/netfilter/ip_conntrack_buckets 8192 #cat /etc/modprobe.d/arch/i386 alias eth0 tg3 alias eth1 tg3 alias eth2 e1000 options ipt_conntrack hashsize=65440 Many thanks for you help Regards