> If it can help, here is a small document named "netfilter conntrack
> performance tweaking" :
> http://www.wallfire.org/misc/netfilter_conntrack_perf.txt

No, I'm afraid it does not help ;). A conntrack entry is at least 192
bytes. If I have 800kpps traffic flow and 5000 rules, even Herve's
tuning tips are not helping anymore. I've seen some improvements
regarding RCU conversion lately and I definitely need to redo my tests
with a recent 2.6.x kernel, however I have little hope regarding
throughput with ip_conntrack.

Best regards,
Roberto Nibali, ratz
--
-------------------------------------------------------------
addr://Kasinostrasse 30, CH-5001 Aarau tel://++41 62 823 9355
http://www.terreactive.com fax://++41 62 823 9356
-------------------------------------------------------------
10 years of expertise in IT security. 1996 - 2006
We secure your success. terreActive AG
-------------------------------------------------------------