On Sat, Jul 28, 2012 at 09:10:34AM -0400, Wietse Venema wrote:

> Thus, VERP increases the number of parallel connections. This may
> result in overflow of state tables in under-powered stateful routers,
> causing them to drop packets that don't match any existing state.

Or perhaps the state tables don't overflow, but rate limits apply regardless of connection state. In fact that would be correct behaviour I think. Rate enforcement has little to do with whether the connection table is full or not...

I would guess that the OP's iptables configuration unwisely fails to discriminate between incoming and outgoing traffic. The solution is to exempt traffic sent from the machine from the rate controls.

-- 
Viktor.
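
An added illustration of the check suggested in the message above (not part of the original message, and not the OP's actual configuration): a small Python audit that reads iptables-save style text and reports rate-matching rules reachable from the OUTPUT chain. Both rulesets, the chain name SMTP_THROTTLE and the function names are constructed for this example.

```python
import shlex

# iptables match extensions that throttle or cap traffic.
RATE_MODULES = {"limit", "hashlimit", "connlimit", "recent"}

def parse_rules(ruleset):
    """Return {chain: [token list per rule]} from iptables-save style text."""
    chains = {}
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("-A "):
            tokens = shlex.split(line)
            chains.setdefault(tokens[1], []).append(tokens[2:])
    return chains

def option_values(tokens, *flags):
    """Values that follow any of the given flags (iptables-save uses short forms)."""
    return [tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in flags]

def rate_limits_on_output(ruleset):
    """List (chain, rule) pairs with rate matching reachable from OUTPUT."""
    chains = parse_rules(ruleset)
    findings, seen, todo = [], set(), ["OUTPUT"]
    while todo:
        chain = todo.pop()
        if chain in seen:
            continue
        seen.add(chain)
        for tokens in chains.get(chain, []):
            if RATE_MODULES & set(option_values(tokens, "-m")):
                findings.append((chain, " ".join(tokens)))
            # Follow jumps into user-defined chains that other hooks may share.
            jumps = option_values(tokens, "-j", "-g")
            todo.extend(t for t in jumps if t in chains)
    return findings

# Constructed sample: one throttle chain hooked into both directions.
SHARED = """
*filter
:SMTP_THROTTLE - [0:0]
-A INPUT -p tcp --dport 25 -j SMTP_THROTTLE
-A OUTPUT -p tcp --dport 25 -j SMTP_THROTTLE
-A SMTP_THROTTLE -m limit --limit 10/sec --limit-burst 20 -j ACCEPT
-A SMTP_THROTTLE -j DROP
COMMIT
"""
# Constructed sample: same throttle, but locally generated traffic is exempt.
INBOUND_ONLY = SHARED.replace("-A OUTPUT -p tcp --dport 25 -j SMTP_THROTTLE\n", "")
```

Calling `rate_limits_on_output()` on the text of a real `iptables-save` dump gives an empty list when no throttle rule can be reached from OUTPUT.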