PF states degrade?

Dennis Yusupoff dyr at smartspb.net
Fri Feb 7 07:43:57 UTC 2014


Hello, Matthew.

Definitely not - see limits defined in the pf.conf below.
Moreover, we also tested after having done "pfctl -Fa -f /etc/pf.conf
&& pfctl -d && pfctl -e", with traffic from only one customer.


06.02.2014 20:39, Matthew Grooms wrote:
> On 2/6/2014 1:14 AM, Dennis Yusupoff wrote:
>> ...
>> set limit { states 1000000, frags 80000, src-nodes 100000, table-entries 500000}
>> ...
> Dennis,
>
> Did you run out of pf state table entries? You can use pfctl to list
> the current limit and usage ...
>
> INFO:
> Status: Enabled for 14 days 19:48:29 Debug: Urgent
>
> State Table Total Rate
> current entries 4
> searches 2030427 1.6/s
> inserts 64990 0.1/s
> removals 64986 0.1/s
>
> LIMITS:
> states hard limit 10000
> src-nodes hard limit 10000
> frags hard limit 5000
> table-entries hard limit 200000
>
> .. If that is the case, you can increase your state table size by
> inserting some configuration parameters at the top of your pf.conf
> file. For example ...
>
> set limit states 50000
> set limit src-nodes 50000
> set limit frags 25000
>
> -Matthew

-- 
Best regards,
Dennis Yusupoff,
network engineer of
Smart-Telecom ISP
Russia, Saint-Petersburg 
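
Added example, not part of either post: a shell check that reads pfctl-style output like the listing quoted above and reports state-table usage against the "states hard limit". The function names, the 80% threshold and the NEAR_FULL sample are assumptions; on a live host the input would come from `pfctl -si` and `pfctl -sm`.

```shell
#!/bin/sh
# Added example: pf state-table utilisation from pfctl-style text.

# Figures copied from the listing quoted in the thread.
SAMPLE='State Table Total Rate
current entries 4
searches 2030427 1.6/s
inserts 64990 0.1/s
removals 64986 0.1/s
LIMITS:
states hard limit 10000
src-nodes hard limit 10000'

# Constructed sample: same limit, table almost full.
NEAR_FULL='current entries 9800
states hard limit 10000'

# state_usage: read pfctl text on stdin, print "<current> <limit> <percent>".
# Exits 2 if either figure is missing or the limit is zero.
state_usage() {
    awk '
        $1 == "current" && $2 == "entries" { cur = $3; have_cur = 1 }
        $1 == "states" && $2 == "hard" && $3 == "limit" { lim = $4; have_lim = 1 }
        END {
            if (!have_cur || !have_lim || lim == 0) exit 2
            printf "%d %d %d\n", cur, lim, (cur * 100) / lim
        }'
}

# check_states THRESHOLD: status 0 below threshold, 1 at or above it,
# 2 when the input could not be parsed.
check_states() {
    threshold=$1
    usage=$(state_usage) || return 2
    set -- $usage
    if [ "$3" -ge "$threshold" ]; then
        echo "WARN: pf states $1/$2 (${3}%)"
        return 1
    fi
    echo "OK: pf states $1/$2 (${3}%)"
}

printf '%s\n' "$SAMPLE" | check_states 80
# Live use (assumption): { pfctl -si; pfctl -sm; } | check_states 80
```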


