Discussion:
Limit on simultaneous NAT sessions?
(too old to reply)
Edgar Fuß
2015-10-15 09:00:01 UTC
Permalink
Is there (other than availabe memory) any limit on the number of simultaneous
sessions that ipnat(4) can handle? Anything configurable?

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Stephen Borrill
2015-10-15 12:46:40 UTC
Permalink
Post by Edgar Fuß
Is there (other than availabe memory) any limit on the number of simultaneous
sessions that ipnat(4) can handle? Anything configurable?
There's a limit on the size of the state table, but this may be related to
"keep state" within ipf(4) rather than ipnat. I found they needed bumping
on a reasonably busy server:

options IPSTATE_SIZE=30011
options IPSTATE_MAX=21011
--
Stephen
Edgar Fuß
2015-10-16 09:17:30 UTC
Permalink
EF> Is there (other than availabe memory) any limit on the number of
EF> simultaneous sessions that ipnat(4) can handle? Anything configurable?
SB> There's a limit on the size of the state table, but this may be related
SB> to "keep state" within ipf(4) rather than ipnat. I found they needed
SB> bumping on a reasonably busy server:
SB> options IPSTATE_SIZE=30011
SB> options IPSTATE_MAX=21011
I also had to increase these ipf-related values (by -T) on our gateway.

I don't think ipnat is affected by those. It appears to have a 30000-session-
limit (no, that's not the number of ports I configured, which is 50000).

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...