Hi, On Friday 01 December 2006 04:04, wckwon wrote:
I found a bug that some critical section was not protected by lock.
Indeed, thanks for your report. Could give the attached updated nat_delete.patch a try? Although the spinlock method you suggested should work, I'd like to find a lockless way to fix the problem.
Question : Do you have any other TIPs to increase MAX-OPEN-SESSION?
Using multiple bind addresses just as you've done is really required. I'd also recommend increasing the tproxy hashtable size (hashsize module parameter). It defaults to 127 which is _very_ low if you have that many connections. If you have 200000 connections I'd set it to something like 49993. (I'd suggest setting it to a prime number.) Additionally some tuning of the underlying conntrack/NAT subsystem should suffice. (Like ip_conntrack_max, and maybe tuning some conntrack timeout values if necessary.) -- Regards, Krisztian Kovacs