On 23 Jul 2001 07:26:08 -0400, jamal wrote:
>
Thanks to all for all the advices.
> He might be having problems with route table not getting enough nh entries
> because of small neigh tables.
>
> obviously FW1 is doing something weird:
> Yann, try to increment the sizes of the arp tables, example:
>
> echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
> echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
> echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
>
I'd like to understand the meaning of gc_thresh1,2,3 ...
gc_thresh is something like garbage collection threshold ? So what's the
meaning of 1,2,3 ?
> Or use higher values if you want
>
For the moment, the increase of /proc/sys/net/ipv4/route/max_size and
/proc/sys/net/ipv4/route/gc_thresh
seems to work OK. But as we're on holiday now, there's not lot of
students to stress the firewall.Anyway, strictly speaking of the kernel
; What's annoying me is that I don't really uderstand the meanings of
the values I manipulate ; I'm not sure those modifications are of any
help.
route --cache show a really important number of entries - 95% of those
entries show a same destination network - IN fact, a lot of subnets of a
class C network.
Is there any other command that can show me the values/saturation of the
netkork tables ?
This leads me to believe there's something broken in the firewall
configuration.(and I can't do anything for that)
Anyway, the 3rd party who installed the firewall saw the checkpoint
module is not up to date ... So now I just have to wait them for an
action...
> cheers,
Thanks again...
Yann Dupont.
--
\|/ ____ \|/ Fac. des sciences de Nantes-Linux-Python-IPv6-ATM-BONOM....
"@'/ ,. \@" Tel :(+33) [0]251125865 [0]251125868(Fax)
/_| \__/ |_\ Yann.Dupont@xxxxxxxxxxxxxxxxxxxxxxx
\__U_/ http://www.unantes.univ-nantes.fr/~dupont
|