On Thu, Aug 24, 2023 at 12:31 PM Lyndon Nerenberg (VE7TFX/VE6BBM)
wrote:
> For over a year now we have been seeing instability on our firewalls
> that seems to kick in when our state tables approach 200K entries.
> The number varies, but it's a safe bet that once we cross the 180K
> threshold, the
On Thu, Aug 24, 2023 at 2:57 PM Gabor LENCSE wrote:
> I used OpenBSD 7.1 PF during stateful NAT64 benchmarking measurements
> from 400,000 to 40,000,000 states. (Of course, its connection setup and
> packet forwarding performance degraded with the number of states, but
> the degradation was not ve
Gabor LENCSE writes:
> If you are interested, you can find the results in Tables 18 - 20 of
> this (open access) paper: https://doi.org/10.1016/j.comcom.2023.08.009
Thanks for the pointer -- that's a very interesting paper.
After giving it a quick read through, one thing immediately jumps
out.
Hi,
But my immediate (and only -- please do NOT start a bikeshed on
ruleset design!) question is:
Is there a practical limit on the number of states pf can handle?
I used OpenBSD 7.1 PF during stateful NAT64 benchmarking measurements
from 400,000 to 40,000,000 states. (Of course, its
For over a year now we have been seeing instability on our firewalls
that seems to kick in when our state tables approach 200K entries.
The number varies, but it's a safe bet that once we cross the 180K
threshold, the machines start getting cranky. At 200K+ performance
visibly degrades, often lead
Hello Tobias,
Thank you for reply.
On Thu, Aug 24, 2023 at 12:36:07AM +0200, Tobias Heider wrote:
> On Wed, Aug 23, 2023 at 08:03:34AM +0200, Jiri Navratil wrote:
> > Hello,
> >
> > Thank you for quick and helpful replies.
> >
> > Adding line
> >
> > set skip on enc0
6 matches
Mail list logo
