ip_conntrack problem / perfomance

Denis Fedorishenko (nuclearcat@nuclearcat.com)
Fri, 4 Oct 2002 10:47:03 +0300


Dear Mr. linux-net@vger.kernel.org !

I got some problem with conntrack. Very strange problems...

1st - i compile it as module on RedHat kernel 2.4.18-3custom.
I have NAT on this machine, and have users who work on it.
When i start benchmark (polygraph + proxy server) on same host -
perfomance is ~800 req/s.

2nd - i have another, same configuration PC, and have compiled in (not
as module) 2.4.18-10custom and 2.4.20-pre8-ac3 kernel. When it
compiled in - i have at starts ~800 req/s and after 10-20 seconds it
decrease to ~200req/s. If i compile ip_conntrack as module, and not use
ip_conntrack - 1000 req/s. If use as module - decrease to 200 req/s.

I have questions:

1)Is a possible to use any alternative hash for ip_conntrack or like
this?
2)Why conntrack track all requests (for example local) and what way to
drop this tracks, but i still need ip_conntrack to NAT?
3)Any other suggestions?

About hardware:
2xPIII|1.3Ghz / ServerWorks / 2xEtherExpress/100 /1GB RAM

Also in logs, not always, but i see messages like "ip_conntrack: table
full, dropping packet.", but on 2.4.18-custom3 i see this messages
too... but it works 800 req/s :)

Thank you!
-----------------------------------------------------------------------------------------
Fedorishenko Denis Olegovich
nuclearcat@nuclearcat.com * Tel: +380 679322793
www.nuclearcat.com * www.planetsky.org * www.itelsat.org

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/