Hi Stuart,
Thanks a bunch for you suggestions. This email got lost in my inbox.
Will let you know if I have some questions. Appreciate your help :)
Thx
On 1/11/11 1:43 PM, Stuart Henderson wrote:
On 2010-12-03, Godesi wrote:
relay web {
Try applying this diff from -current and rebuildi
On 2010-12-03, Godesi wrote:
> relay web {
Try applying this diff from -current and rebuilding relayd.
It is an inline diff, if your mail client has problems giving
you valid plaintext then try pasting it from a web-based
mailing list archive instead.
I think the diff will probably apply fairly
* Kevin Wilcox [2010-12-20 16:01]:
> On 19 December 2010 07:16, Henning Brauer wrote:
> > * Ryan McBride [2010-12-03 09:52]:
> >> More than 100,000. I havn't tested lately (planning to do so soo), but I
> >> would expect somewhere closer to 500,000.
> > you're way off ;)
> > I had 2 million duri
On 12/20/10 15:52, Kevin Wilcox wrote:
On 19 December 2010 07:16, Henning Brauer wrote:
you're way off ;)
I had 2 million during a DDoS. things got a bit slow but everything
worked.
Henning - out of curiosity, what were the specs on that hardware?
It may be interesting to know of any specifi
On 19 December 2010 07:16, Henning Brauer wrote:
> * Ryan McBride [2010-12-03 09:52]:
>> More than 100,000. I havn't tested lately (planning to do so soo), but I
>> would expect somewhere closer to 500,000.
> you're way off ;)
> I had 2 million during a DDoS. things got a bit slow but everythi
On 12/19/10 4:16 AM, Henning Brauer wrote:
* Ryan McBride [2010-12-03 09:52]:
On Thu, Dec 02, 2010 at 11:22:08PM -0500, Godesi wrote:
2. How much states can i "really" have on a box that has 4 gig ram?
More than 100,000. I havn't tested lately (planning to do so soo), but I
would expect some
* Ryan McBride [2010-12-03 09:52]:
> On Thu, Dec 02, 2010 at 11:22:08PM -0500, Godesi wrote:
> > 2. How much states can i "really" have on a box that has 4 gig ram?
> More than 100,000. I havn't tested lately (planning to do so soo), but I
> would expect somewhere closer to 500,000.
you're way o
On 12/8/10 2:09 PM, Ryan McBride wrote:
On Wed, Dec 08, 2010 at 12:39:12PM -0800, dabheeruz wrote:
We are seeing the issue again and I am writing a script to get the
"pfctl -vvsi" data at regular intervals. Can you please point me to
what values I should be looking out for?
You want to look fo
On Wed, Dec 08, 2010 at 12:39:12PM -0800, dabheeruz wrote:
> We are seeing the issue again and I am writing a script to get the
> "pfctl -vvsi" data at regular intervals. Can you please point me to
> what values I should be looking out for?
You want to look for any of the counters in the Counters
Hi Ryan,
We are seeing the issue again and I am writing a script to get the
"pfctl -vvsi" data at regular intervals. Can you please point me to
what values I should be looking out for?
Thanks
Parvinder Bhasin
On 12/3/10 11:32 AM, dabheeruz wrote:
Thanks Ryan! Unfortunately when this happene
Hi Jan,
This actually happened again really late at night , one thing that
strangely happened was that we had nagios setup to monitor CARP state
and basically the secondary lb (same config etc) had its carp interface
in "init" state and once again the primary relayd box was displaying
problem
Godesi wrote:
> We recently deployed OBSD4.7 boxes to do load balancing in our
> environment with relayd.
>
> After few hours we encountered problem with the server going beyond
> 10,000 states.
Are you convinced that it is a state problem?
In our tests we have found that a default setup of rel
Thanks Ryan! Unfortunately when this happened I was remote and could not
grab those stats. But what should I be looking for in term of badness.
Maybe I can quickly setup something to monitor for particular stat.
Really appreciate your input.
Thx.
On 12/3/10 12:41 AM, Ryan McBride wrote:
O
On Thu, Dec 02, 2010 at 11:22:08PM -0500, Godesi wrote:
> 1. Do I need pf for relayd when I am not doing redirects?
I don't think so, but this is easy for you to test...
> 2. How much states can i "really" have on a box that has 4 gig ram?
More than 100,000. I havn't tested lately (planning t
It's related to timeout options.
man pf.conf(5), Options sections, timeouts.
By default, pf offers to you a three 'lists' of timeouts values:
Conservative, Normal and Aggressive.
If you want to drop completely the connections states early, you can use
Aggressive staff. But PF is extremely fle
I found this notes
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c?rev=1.559&content-type=text/x-cvsweb-markup
Will try upgrade (I'm running 4.1) and see
02.05.08, 20:21, "Kian Mohageri" <[EMAIL PROTECTED]>:
> States aren't purged immediately. Take a look at the timeout val
On Fri, May 2, 2008 at 7:35 AM, B A <[EMAIL PROTECTED]> wrote:
> Hello!
>
>
>
> I have question about PF.
>
>
>
> I have just found interesting behavior of of PF.
>
> For example if I fix source port and run from my PC:
>
>echo 'aaa' | nc -p www.my.rerver 80
>
> I got response.
>
>
17 matches
Mail list logo
