Date: Fri, 07 Feb 2014 11:43:51 +0400
From: Dennis Yusupoff <dyr@smartspb.net>
To: freebsd-net@freebsd.org
Subject: Re: PF states degrade?
Message-ID: <52F48EB7.5010706@smartspb.net>
In-Reply-To: <52F3BAB6.7090304@shrew.net>
References: <52F3366D.3030202@smartspb.net> <52F3BAB6.7090304@shrew.net>

Hello, Matthew.

Definitely not - see limits defined in the pf.conf below.
Moreover, we had also tested after having done "pfctl -Fa -f /etc/pf.conf && pfctl -d && pfctl -e" with traffic from only one customer.

06.02.2014 20:39, Matthew Grooms wrote:
> On 2/6/2014 1:14 AM, Dennis Yusupoff wrote:
>> ...
>> set limit { states 1000000, frags 80000, src-nodes 100000, table-entries
>> 500000}
>> ...
> Dennis,
>
> Did you run out of pf state table entries? You can use pfctl to list
> the current limit and usage ...
>
> INFO:
> Status: Enabled for 14 days 19:48:29 Debug: Urgent
>
> State Table Total Rate
> current entries 4
> searches 2030427 1.6/s
> inserts 64990 0.1/s
> removals 64986 0.1/s
>
> LIMITS:
> states hard limit 10000
> src-nodes hard limit 10000
> frags hard limit 5000
> table-entries hard limit 200000
>
> .. If that is the case, you can increase your state table size by
> inserting some configuration parameters at the top of your pf.conf
> file. For example ...
>
> set limit states 50000
> set limit src-nodes 50000
> set limit frags 25000
>
> -Matthew
> _______________________________________________
>

--
Best regards,
Dennis Yusupoff,
network engineer of
Smart-Telecom ISP
Russia, Saint-Petersburg
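
The check discussed in this message (current state entries against the states hard limit), as an added example that is not part of the original e-mail or of pf itself. The function names are hypothetical, SAMPLE is the excerpt quoted above, and on a live host the input is assumed to come from `pfctl -si` followed by `pfctl -sm`.

```shell
#!/bin/sh
# Added example: compare pf's current state count with its hard limit.
# SAMPLE reproduces the excerpt quoted in the message; on a live host use
#   { pfctl -si; pfctl -sm; } | pf_state_check 80

SAMPLE='INFO:
Status: Enabled for 14 days 19:48:29           Debug: Urgent

State Table                          Total             Rate
  current entries                        4
  searches                         2030427            1.6/s
  inserts                            64990            0.1/s
  removals                           64986            0.1/s

LIMITS:
states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
table-entries hard limit   200000'

# pf_state_usage: read pfctl output on stdin, print "current limit percent".
# Exits with status 2 if either value is missing or the limit is zero.
pf_state_usage() {
    awk '
        $1 == "current" && $2 == "entries"              { cur = $3 }
        $1 == "states" && $2 == "hard" && $3 == "limit" { lim = $4 }
        END {
            if (cur == "" || lim == "" || lim + 0 == 0) exit 2
            printf "%d %d %d\n", cur, lim, (cur * 100) / lim
        }'
}

# pf_state_check THRESHOLD: return 0 while usage is below THRESHOLD percent,
# 1 once it is at or above it, 2 if the input could not be parsed.
pf_state_check() {
    threshold=${1:-80}
    usage=$(pf_state_usage) || return 2
    pct=${usage##* }          # last field of "current limit percent"
    [ "$pct" -lt "$threshold" ]
}

# Stand-alone run on the sample: prints "4 10000 0".
printf '%s\n' "$SAMPLE" | pf_state_usage
```

A table sitting far below its limit, as in the sample, points away from state exhaustion as the cause.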