Hi,

I currently have a system that has no match rule in the ruleset, but that uses tables for a big chunk of the traffic, including our monitoring station, which has a pretty high SNMP request rate. That system has a state table that usually stabilizes between 15-20K sessions, with a session search rate of around 10K. The states limit has been raised to 100000 and the frags to 10000, but all other limits are set to default values. However, the "match" counter always states a rate between 199/200 per second.

During some heavy traffic periods, we are getting some failures from the monitoring system, and the only thing that seems possibly out of health for the system is the match counter rate. System processor and memory are fine and there is no other noticeable impact, but clearly the monitoring tool is seeing an impact, as it didn't reflect something like this behavior before we implemented the PF systems.

State Table                          Total             Rate
  current entries                    21285
  searches                       153482648         9346.2/s
  inserts                          2894881          176.3/s
  removals                         2873596          175.0/s
Source Tracking Table
  current entries                        0
  searches                               0            0.0/s
  inserts                                0            0.0/s
  removals                               0            0.0/s
Counters
  match                            3306956          201.4/s

Does a packet going through a table trigger the match counter? And is there some chance that something would put a limit on the "match" rate? Or an idea on something else that I could look at to find a hint?

This is on 4.8 GENERIC.MP#335 amd64

Thanks again