Имеем:
железо: Intel S5000VSL
ОС: FreeBSD 7.1-PRERELEASE #2: Thu Dec 10 14:57:45 MSK 2009При ~110k записей всё хорошо, достигаем ~125-140к начинаются ошибки на сет. интерфейсе, чистим трансляции - ошибки исчезают.
# ipnat -s
mapped in 285037401 out 221990930
added 11096611 expired 10218253
no memory 0 bad nat 235943
inuse 129092
orphans 0
rules 9
wilds 1
hash efficiency 12.69%
bucket usage 99.97%
minimal length 0
maximal length 22
average length 7.882
TCP Entries per state
0 1 2 3 4 5 6 7 8 9 10 11
88 4735 157 2626 7079 345 65 17 36 0 43362 1505
# netstat -I em0 -w 1
input (em0) output
packets errs bytes packets errs bytes colls
6306 541 6300808 5877 0 1242162 0
6736 416 6535743 6276 0 1309721 0
7738 514 8288666 6523 0 1405937 0
7630 462 7551297 6721 0 1556890 0
5207 443 4997805 4952 0 1248456 0
# ipnat -CF -f /etc/ipnat.rules
128944 entries flushed from NAT table
9 entries flushed from NAT list
# netstat -I em0 -w 1
input (em0) output
packets errs bytes packets errs bytes colls
3205 0 2584267 3132 0 650453 0
4704 0 4305612 4352 0 813504 0
4463 0 3898817 4223 0 856430 0
# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=1db<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING,VLAN_HWCSUM,TSO4>
ether 00:15:17:1f:e2:18
media: Ethernet 1000baseTX <full-duplex>
status: active
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:15:17:1f:e2:18
inet X.X.X.X netmask 0xfffffff8 broadcast X.X.X.X
media: Ethernet 1000baseTX <full-duplex>
status: active
vlan: 1000 parent interface: em0
# ipf -T list
fr_flags min 0 max 0xffffffff current 0
fr_active min 0 max 0 current 0
fr_control_forwarding min 0 max 0x1 current 0
fr_update_ipid min 0 max 0x1 current 0
fr_chksrc min 0 max 0x1 current 0
fr_minttl min 0 max 0x1 current 4
fr_icmpminfragmtu min 0 max 0x1 current 68
fr_pass min 0 max 0xffffffff current 134217730
fr_tcpidletimeout min 0x1 max 0x7fffffff current 3600
fr_tcpclosewait min 0x1 max 0x7fffffff current 60
fr_tcplastack min 0x1 max 0x7fffffff current 60
fr_tcptimeout min 0x1 max 0x7fffffff current 300
fr_tcpclosed min 0x1 max 0x7fffffff current 60
fr_tcphalfclosed min 0x1 max 0x7fffffff current 120
fr_udptimeout min 0x1 max 0x7fffffff current 120
fr_udpacktimeout min 0x1 max 0x7fffffff current 24
fr_icmptimeout min 0x1 max 0x7fffffff current 120
fr_icmpacktimeout min 0x1 max 0x7fffffff current 12
fr_iptimeout min 0x1 max 0x7fffffff current 120
fr_statemax min 0x1 max 0x7fffffff current 4013
fr_statesize min 0x1 max 0x7fffffff current 5737
fr_state_lock min 0 max 0x1 current 0
fr_state_maxbucket min 0x1 max 0x7fffffff current 26
fr_state_maxbucket_reset min 0 max 0x1 current 1
ipstate_logging min 0 max 0x1 current 1
fr_nat_lock min 0 max 0x1 current 0
ipf_nattable_sz min 0x1 max 0x7fffffff current 16383
ipf_nattable_max min 0x1 max 0x7fffffff current 300000
ipf_natrules_sz min 0x1 max 0x7fffffff current 2047
ipf_rdrrules_sz min 0x1 max 0x7fffffff current 2047
ipf_hostmap_sz min 0x1 max 0x7fffffff current 8191
fr_nat_maxbucket min 0x1 max 0x7fffffff current 28
fr_nat_maxbucket_reset min 0 max 0x1 current 1
nat_logging min 0 max 0x1 current 1
fr_defnatage min 0x1 max 0x7fffffff current 1200
fr_defnatipage min 0x1 max 0x7fffffff current 120
fr_defnaticmpage min 0x1 max 0x7fffffff current 6
fr_nat_doflush min 0 max 0x1 current 0
ipf_proxy_debug min 0 max 0xa current 0
ipfr_size min 0x1 max 0x7fffffff current 257
fr_ipfrttl min 0x1 max 0x7fffffff current 120
ipl_suppress min 0 max 0x1 current 1
ipl_logmax min 0 max 0x7fffffff current 7
ipl_logall min 0 max 0x1 current 0
ipl_logsize min 0 max 0x80000 current 8192
ippr_ftp_debug min 0 max 0xa current 0
Версия для распечатки
ipnat и ошибки на сетевом интерфейсе em, 
Brakodelus, 11-Дек-09, 11:54 [смотреть все]
