Date: Sat, 11 Sep 2004 06:24:06 -0700 From: Luigi Rizzo <rizzo@icir.org> To: Don Bowman <don@sandvine.com> Cc: Glenn Dawson <glenn@antimatter.net> Subject: Re: dyn buckets Message-ID: <20040911062406.A37565@xorpc.icir.org> In-Reply-To: <A8535F8D62F3644997E91F4F66E341FC58726F@exchange.sandvine.com>; from don@sandvine.com on Fri, Sep 10, 2004 at 03:51:48PM -0400 References: <A8535F8D62F3644997E91F4F66E341FC58726F@exchange.sandvine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 10, 2004 at 03:51:48PM -0400, Don Bowman wrote: > From: owner-freebsd-net@freebsd.org > > I have a firewall running 4.10 that handles around > > 20mbits/sec of traffic > > and has around 500 ipfw rules. > > > > Lately I've noticed that net.inet.ip.fw.curr_dyn_buckets > > seems to be maxing > > out. I've increased net.inet.ip.fw.dyn_buckets a few times, what hits the limit is the number of rules not the number of buckets -- try raising net.inet.ip.fw.dyn_max as suggested. cheers luigi > > but they seem > > to max out each time. > > > > Is there any problem with increasing > > net.inet.ip.fw.dyn_buckets far beyond > > the default? (I'm at 2048 now) > > I use > net.inet.ip.fw.dyn_buckets=16384 > net.inet.ip.fw.dyn_syn_lifetime=5 > net.inet.ip.fw.dyn_max=32000 > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040911062406.A37565>