'Re: confused about LARGE_NAT and hi traffic ipf box.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: confused about LARGE_NAT and hi traffic ipf box.
From:       _ethyl () excite ! com
Date:       2001-08-29 19:59:58
[Download RAW message or body]

Thanks for the reply Darren.  I appreciate your time.

I'm afraid I'm still not clear on my question though.  Perhaps another list
member has the time to explain it in more 

detail.  

I'm am doing something a bit unusual as my users are making between 1-16
connection to an individual file so the 

common adage of "you'll run out of bandwidth before you run out of the
machine's ability to serve more users" is still 

probably true, just not as true as it would be for typical web serving. 
This is why I want to make sure I am not 

limiting the number of concurrent connections by keeping the default NAT
values.  I guess I was a bit confused as to 

whether LARGE_NAT is for hiding "hundreds or thousands" of hosts behind the
NAT box or if it still applies to 

"hundreds or thousands" of external users connecting from the outside to a
handful of servers behind the NAT box. I 

would assume it applies to both but just wanted to make sure.   I'm not sure
I understand how having a timeout of 

10mins would negate any predefined limits on the number of simultaneous NAT
entries.

As I mentioned previously, I have already increased available kernel mem
substantially and increased the IPSTATE_SIZE 

and IPSTATE_MAX values to the largest I could find.  I am simply interested
in making sure that I have ipf/ipnat 

configured to allow the maximum safe number of concurrent connections and
then I will look at other possible choke 

points.  Any additional thoughts on configuration for max concurrent users
would be appreciated.









  Do I
>  > need to enable LARGE_NAT with BIG values and what might some good
values be?
>  
>  LARGE_NAT enforces a 10 minute timeout on all NAT entries.
>  
>  Darren





_______________________________________________________
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic