From: Roberto Nibali <ratz@tac.ch>
To: Markus Schaber <markus.schaber@student.uni-ulm.de>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: Problem with IP-Pools
Date: Fri, 06 Dec 2002 14:00:23 +0100
Message-ID: <3DF09F67.30504@tac.ch>
In-Reply-To: 20021205224314.3c38afec.markus.schaber@student.uni-ulm.de

Hello,

> You see, we're doing Gigabit ethernet here (about 600 MBit upstream
> bandwidth), and our largest host group currently has 9497 Entries.
> That's just too much for the usual O(n) method, one table containing one
> match rule per host, and building some tree-like tables to cut down the
> pass time to O(log(n)) is a maintenance nightmare.

I'm in kind of the same situation but I have solved it more or less. Please 
contact me privately so we can discuss it.

> Not to mention the time to load an iptable with some tens of thousands
> of entries, we cannot wait half an hour for our firewall to boot up.

:) I know that problem. I'm working on a solution myself.

> If you know another method of managing such high traffic and host number
> combinations, we'd love to hear about it, because we _really_ want to
> leave Checkpoint.

I am surprised that Checkpoint could handle such a configuration. We had to give 
up on Checkpoint long ago because it wasn't able to handle hundreds of different 
NAPT configurations per interface correctly without stumbling over its own 
internal tables.

Just contact me offline so we can discuss things. Regards,
Roberto Nibali, ratz
-- 
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc

Thread overview: 7+ messages
2002-11-28 15:29 Problem with IP-Pools Markus Schaber
2002-12-05 20:11 ` Harald Welte
2002-12-05 21:43   ` Markus Schaber
2002-12-06 13:00     ` Roberto Nibali [this message]
2002-12-06 13:20     ` Martin Josefsson
2002-12-19 15:24       ` Markus Schaber
2002-12-19 18:48         ` Markus Schaber
