Reply To: ip_conntrack_tcp_timeout_established



I found that with the default of 5 days my box got tanked after about 1 day: the connections would hold and build up to over 200k connections, when really it was only around 30-60k when forced to one hour (Cisco format) only, instead of 5 days. Here is the post-boot script I have:

# Startup Script
# Expire idle established TCP entries after 1 hour instead of the 5-day default
echo "3600" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
# Raise the connection-tracking table limit
echo "1048576" > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
# Shared-memory limits
echo 134217728 > /proc/sys/kernel/shmall
echo 134217728 > /proc/sys/kernel/shmmax
cd /Database/niagara2265_r10/;./n2265_load;./n2265_util -a;./n2265_util -0
ethtool -K ETH02 tso on;ethtool -K ETH03 tso on

The last command you can disregard; it is to load a driver for my bypass NIC.

My ZS box is an HD install, dual 2.83 with 3 gigs of RAM; the RAM filled up fast in a day holding those connections open. Drop it down to an hour and you’ll be just fine. I got about 110 megs/sec download x 40 megs upload, average load less than 1%, and only utilizing around 153 megs of RAM. My 3 gigs is way overkill, but better safe than sorry.
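An added example, not part of the original post: a way to estimate, before changing the setting, how many tracked connections a shorter ip_conntrack_tcp_timeout_established would expire. It reads a table in /proc/net/ip_conntrack (or nf_conntrack) format on stdin and assumes each ESTABLISHED entry's timer was last reset to the current timeout; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Usage: stale_established CURRENT_TIMEOUT NEW_TIMEOUT < conntrack-table
# Prints: total=<entries> established=<ESTABLISHED entries> stale=<would expire>
stale_established() {
    awk -v cur="$1" -v new="$2" '
        {
            total++
            # The remaining-seconds field sits just before the TCP state,
            # in both the ip_conntrack and nf_conntrack layouts.
            for (i = 2; i <= NF; i++) {
                if ($i == "ESTABLISHED") {
                    est++
                    idle = cur - $(i - 1)   # seconds since the last packet
                    if (idle > new) stale++
                    break
                }
            }
        }
        END { printf "total=%d established=%d stale=%d\n", total, est, stale }
    '
}

# Constructed sample table (documentation addresses, not real traffic).
sample_table() {
    cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40000 dport=443 packets=10 bytes=1000 src=198.51.100.5 dst=192.0.2.10 sport=443 dport=40000 packets=8 bytes=900 [ASSURED] mark=0 use=1
tcp      6 300000 ESTABLISHED src=192.0.2.11 dst=198.51.100.6 sport=40001 dport=80 packets=4 bytes=400 src=198.51.100.6 dst=192.0.2.11 sport=80 dport=40001 packets=3 bytes=300 [ASSURED] mark=0 use=1
tcp      6 100 TIME_WAIT src=192.0.2.12 dst=198.51.100.7 sport=40002 dport=80 packets=6 bytes=600 src=198.51.100.7 dst=192.0.2.12 sport=80 dport=40002 packets=5 bytes=500 [ASSURED] mark=0 use=1
udp      17 25 src=192.0.2.13 dst=198.51.100.8 sport=5353 dport=53 packets=1 bytes=70 src=198.51.100.8 dst=192.0.2.13 sport=53 dport=5353 packets=1 bytes=120 mark=0 use=1
ipv4     2 tcp      6 428000 ESTABLISHED src=192.0.2.14 dst=198.51.100.9 sport=40003 dport=22 packets=9 bytes=800 src=198.51.100.9 dst=192.0.2.14 sport=22 dport=40003 packets=9 bytes=800 [ASSURED] mark=0 use=1
tcp      6 429000 ESTABLISHED src=192.0.2.15 dst=198.51.100.10 sport=40004 dport=443 packets=7 bytes=700 src=198.51.100.10 dst=192.0.2.15 sport=443 dport=40004 packets=7 bytes=700 [ASSURED] mark=0 use=1
EOF
}

# 432000 s = the 5-day default; 3600 s = the 1-hour value from the post.
sample_table | stale_established 432000 3600
```

On a live box, feed it the real table instead of the sample, e.g. `stale_established 432000 3600 < /proc/net/ip_conntrack`, and compare the stale count with ip_conntrack_max.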