From: Grant Taylor
Date: Wed, 17 Aug 2005 06:20:32 +0000
Subject: Re: [LARTC] Hardware Configuration Ideas
Message-Id: <4302D730.3090105@riverviewtech.net>
To: lartc@vger.kernel.org

> You don't. Maybe that's conntrack's default, but you can set it to a higher
> number manually. The required memory is approx 400b per connection (depends on
> iptables/kernel compile time options). The rather conservative default (hashsize
> = 1/16384th of RAM) is for a generic system. For more info look at
> ip_conntrack_core.c
>
> 65535 connections need about 25MB in RAM, so before starting iptables, do
> modprobe ip_conntrack hashsize=8192
> (contrack_max is auto-set to 8*hashsize, this is the recommended relation). In
> fact my distro Shurdix automatically sets up larger hashsize than the default,
> depending on system memory.

Hmm, I did not have much time to solve this problem at the time and documentation was hard to come by at the time and what I did find was old. Alas I was not subscribed to this list to ask for help either. Note things have changed since then. :)

> While a redundant system is indeed a good idea, I recommend making sure the
> router is rock stable. This doesn't necessarily require high-end / fast
> hardware, it is recommended to stress test it before going live
> (memtest/cpuburn/whatever).
>
> My tip is not to use "primitive" network cards like those based on rtl8139 when
> you require high bandwidth. This has the most noticeable impact on performance.
> I have ok experience with 3com's, I've heard intels are even better.

I would agree to both points. I have had good luck with the rtl8139s on Cable / DSL and T1 routers but I would want something better (3C905x cards) for a much higher bandwidth installation.

The redundant (identical) system is for those cases where the cleaning crew and / or momma nature and / or Mr Murphy have their way with your box. We have all had it happen (or will) in some way or another at some time. It is not "if" a box will fail in some way, but rather "when". The failure may not be anything you could prevent. I think the stores in Florida this year are a good example of that.

Grant. . . .