Damn...
I'm not allowed to set the buckets value: error: permission denied on key 'net.ipv4.netfilter.ip_conntrack_buckets
How is that ? Is there any other bucket limit which limits this one ?
//Marcus
On Tue, Sep 30, 2008 at 7:08 AM, Willy Tarreau <w#1wt.eu> wrote:
> On Tue, Sep 30, 2008 at 07:05:12AM +0200, Marcus Herou wrote:
> > Hi.
> >
> > Increased the buckets to 250 000 and conntrack_max to 1000 0000.
> >
> > About the time_wait do you mean setting the net.ipv4.tcp_fin_timeout
> value ?
> > I have it set to 30 sec.
>
> No, I meant this one :
>
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
>
> and in fact these ones should be reduced too (30s is fine for all of them)
> :
>
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
>
> Willy
>
>
-- Marcus Herou CTO and co-founder Tailsweep AB +46702561312 marcus.herou#tailsweep.com http://www.tailsweep.com/ http://blogg.tailsweep.com/Received on 2008/09/30 07:20
This archive was generated by hypermail 2.2.0 : 2008/09/30 07:33 CEST