* nf_conntrack vs ip_conntrack ...
@ 2007-12-19 16:47 Sébastien Cramatte
From: Sébastien Cramatte @ 2007-12-19 16:47 UTC
To: netfilter
Hello
I'm running a 2.6.22.12 kernel.
I would like to tweak netfilter parameters in sysctl.conf (I'm running
Debian Etch).
My server is a traffic manager set up as a bridge. We filter P2P
(ipp2p, l7filter) and SIP/RTP for an amount of 60Mbits.
I must tweak conntrack default values to use most of the available memory
and to try to avoid overhead ...
How can I apply these sysctl.conf values to the new nf_conntrack style:
net.ipv4.netfilter.ip_conntrack_max = 8388608
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established= 57600
net.ipv4.netfilter.ip_conntrack_udp_timeout = 57600
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 57600
By default I've got these values:
net.netfilter.nf_conntrack_generic_timeout = 50
net.netfilter.nf_conntrack_max = 65536
net.netfilter.nf_conntrack_count = 0
net.netfilter.nf_conntrack_buckets = 8192
net.netfilter.nf_conntrack_checksum = 1
net.netfilter.nf_conntrack_log_invalid = 0
Which value can I put for tcp and udp timeout?
I found some examples, but for small wireless routers, not a 60Mbits traffic
shaper ;)
So I'm not sure what the best values should be.
We have something like 2000 customers (I'm working for a cable provider)
going through this server.
Many thanks for your help