Bart Schaefer wrote:
> On 9/9/07, David Hrbáč <hrbac.conf at seznam.cz> wrote:
>> how many connections are on the router (/proc/net/ip_conntrack) ?
>
> This is way off-peak time for us (middle of Sunday night PDT) so I
> suspect looking at this right now is not very useful, but:
>
> # cat /proc/net/ip_conntrack | wc -l
> 15140
> # cat /proc/net/ip_conntrack | fgrep -v UNREPLIED | wc -l
> 586
>
>> what's the /proc/sys/net/ipv4/ip_conntrack_max
>
> # cat /proc/sys/net/ipv4/ip_conntrack_max
> 65536

On top of that, I'd say that a PC, with whatever processor you could put, is able to service a certain amount of interrupts / second. Sometimes, you can also have cards / integrated peripherals that are sharing IRQs and have trouble with it. So in the case of a PC router, I'd go into the BIOS setup and disable all the integrated peripherals you don't use (LPT port, integrated sound card, etc). Maybe you already did this, I don't know.

There are some ways to improve performance like what Cisco does: having line cards doing processing and getting pointers from the main supervisor card and dealing with traffic locally afterward. In our PC case here, this could translate into using at least TCP offloading and flow control (Ethernet level). Also, consider that not all Ethernet cards are equal and that using 802.1Q (trunking) also changes the game. Good cards have features to deal with all this.

Somebody mentioned pfSense. I use it and there is an option that can boost the performance: using device polling instead of relying on interrupts generated by cards. I dunno if CentOS has this kind of option, the Ethernet gurus of this list could provide important information on that.

Hope this helped.

Guy Boisvert, ing.
IngTegration inc.