Andrea Cerrito wrote:
> > the problem is that the number of ports in ipv4 is a 16bit number and
> > part of the spec. I kinda think that maybe ipv6 has more ports but I don't
> > really know.
> I'm confused.
> Reading here 'http://www.wallfire.org/misc/netfilter_conntrack_perf.txt'
> I found that tuning ip_conntrack module is possible, and it's possible
> to handle even 1million connection.
> So: if 1 port = 1 connection, and Number_Of_Ports is 16bit-limited, why
> increase the number of maximum connection tracking?
A realserver can only have 64k connections (ipv4 spec).
A director (or router or firewall) sitting in between a large number of clients
on one side and a set of realservers on the other side, and keeping track of the
connections involved, is just doing accounting and is keeping a list of what's
going on.
The conn_track code can use 64bit numbers if it likes and is only limited in the
number of connections it can track by the number of connections it can store.
There are no connections being made to or from the director (router).
Joseph Mack PhD, High Performance Computing & Scientific Visualization
SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
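As an added illustration of the "accounting" point above (example code, not part of the thread): the director's conntrack table is keyed by the whole protocol/address/port tuple, so two clients reusing the same source port are two separate entries. The sample table below is constructed in the layout of /proc/net/ip_conntrack (original-direction tuple, then reply-direction tuple); the addresses and the `conntrack_max` value are assumptions.

```python
import re
from collections import Counter

# Constructed sample in /proc/net/ip_conntrack layout: first tuple is the
# client -> VIP direction, second is the realserver -> client reply direction.
# Two clients both use source port 40001; conntrack still tracks them apart.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.1 sport=40001 dport=80 src=10.0.0.5 dst=192.0.2.10 sport=80 dport=40001 [ASSURED] use=1
tcp      6 431998 ESTABLISHED src=192.0.2.11 dst=198.51.100.1 sport=40001 dport=80 src=10.0.0.6 dst=192.0.2.11 sport=80 dport=40001 [ASSURED] use=1
tcp      6 117 TIME_WAIT src=192.0.2.12 dst=198.51.100.1 sport=40002 dport=80 src=10.0.0.5 dst=192.0.2.12 sport=80 dport=40002 [ASSURED] use=1
udp      17 29 src=192.0.2.13 dst=198.51.100.1 sport=5353 dport=53 src=10.0.0.7 dst=192.0.2.13 sport=53 dport=5353 use=1
"""

# Pull the eight key=value fields (src, dst, sport, dport, twice) in order.
KV = re.compile(r"(src|dst|sport|dport)=(\S+)")


def parse_entry(line):
    """Return (proto, original 4-tuple, reply 4-tuple) for one conntrack line."""
    proto = line.split()[0]
    vals = KV.findall(line)
    if len(vals) < 8:
        raise ValueError("unexpected conntrack line: %r" % line)
    orig = tuple(v for _, v in vals[:4])    # client -> VIP, as the client sent it
    reply = tuple(v for _, v in vals[4:8])  # realserver -> client, as it answers
    return proto, orig, reply


def summarize(table_text, conntrack_max):
    """Count distinct tracked flows, flows per realserver, and table fill ratio.

    conntrack_max stands for the tunable the linked perf notes discuss; it is
    passed in rather than read from the running kernel so this runs anywhere.
    """
    flows = set()
    per_realserver = Counter()
    for line in table_text.splitlines():
        if not line.strip():
            continue
        proto, orig, reply = parse_entry(line)
        flows.add((proto,) + orig)       # the full tuple is what conntrack keys on
        per_realserver[reply[0]] += 1    # reply src is the realserver behind the VIP
    return {
        "tracked": len(flows),
        "per_realserver": dict(per_realserver),
        "table_fill": len(flows) / conntrack_max,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_CONNTRACK, 65536))
```

Pointing `summarize` at the text of the real /proc/net/ip_conntrack (or nf_conntrack, whose lines carry an extra address-family prefix before the protocol name) gives the same per-realserver breakdown and a quick check of how close the table is to its maximum.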