Hello,
On Mon, 19 Mar 2001, Hendrik Thiel wrote:
> Hi all
>
> we are using an LVS in NAT mode and everything works fine ...
> Probably, the only problem seems to be the huge number of (idle)
> connection entries.
>
> ipvsadm shows a lot of inActConn (more than 10000 entries per
> Realserver) entries.
> ipchains -M -L -n shows that these connections last 2 minutes.
> Is it possible to reduce the time to keep the Masquerading Table
> small? e.g. 10 seconds ...
http://marc.theaimsgroup.com/?t=98227299800016&w=2&r=1
http://www.linux-vs.org/defense.html
You can edit ip_masq.c and reduce them by hand, or enable
the secure_tcp strategy and alter the proc values. One entry
occupies 128 bytes. 10k entries mean 1.28MB memory. Maybe this is
fatal sometimes. You need to alter the TIME_WAIT value; FIN_WAIT
can be changed with ipchains.
> thanks in advance
>
> Hendrik Thiel
> Falk eSolutions AG
> Tel: 02841/9097355
> Fax: 02841-9097331
>
Regards
--
Julian Anastasov <ja@xxxxxx>