|
Hello,
On Wed, 17 Jul 2002, Peter Mueller wrote:
> OK, I was just following the first example I saw. I assume the cycles are
> wasted because REJECT sends a packet back saying "no SYN for you!" (or
> something like that), right?
Sort of :) ipchains/iptables filtering is the most
effective way to silently account the flood.
> > May be you have PCI 33MHz, ipchains rules, etc. The other
> > problem could be the routing cache performance. You can reduce the
> > number of clients to 10 just to see what happens.
>
> I think I have PCI 33mhz. The director is 2.4.x kernel with essentially no
> iptables rules.
> Is this PCI bus the cause for 87% utilization at ~21000 packets/sec?
Yes, in my tests I observe speed x 2 when on PCI 66MHz.
> Peter
Regards
--
Julian Anastasov <ja@xxxxxx>
|
