>> My best tip for tuning performance:
>>
>> Don't until performance becomes an issue otherwise you have no
>> basis of determining whether performance has improved.
>
> Let me add a second tip:
>
> Don't tune a parameter unless you know what it does.
>

While probably not popular, those are very good tips. I can give you some comparative performance info using CentOS3 and CentOS4. CentOS5 will probably give equal or slightly better performance depending on specific configurations.

Hardware:
4 Dell PowerEdge 350's (2 routers, 2 NAT firewalls)
PIII-850
512 Mb RAM

Bandwidth:
Average 25-35Mbps
Peak 80Mbps sustained for 1-2 hours
10k-25k connections

NAT Firewall: CPU usage approx 2-8%
Router: CPU usage approx 2-4%

With the above specs, I was approaching the connection threshold with 512Mb RAM (32768 = theoretical max) and beginning to drop connections. This was quickly fixed by adding an additional 512Mb RAM and adjusting the CONNTRACK_MAX accordingly. Hope this helps.

All boxes were running Keepalived for failover. Fairly straightforward routing so no software used except routing tables, IP, and IP forwarding.

Hope this helps!

-Ken
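The connection-tracking limit described in the message above, as an added example that is not part of the original post: a shell check that derives the table size from RAM, grades current usage, and counts the kernel's "table full" drop messages. It assumes the historical 32-bit rule of one entry per 16 KiB of RAM (which yields the 32768 quoted for 512 MB); the function names, the 80% warning threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: 32-bit hosts, one conntrack entry per 16 KiB of RAM.

# default_conntrack_max RAM_MB -> table size implied by that much RAM
default_conntrack_max() {
    echo $(( $1 * 1024 * 1024 / 16384 ))
}

# conntrack_status COUNT MAX [WARN_PCT] -> "ok|warn|full <percent used>"
conntrack_status() {
    count=$1; max=$2; warn=${3:-80}
    pct=$(( count * 100 / max ))
    if [ "$count" -ge "$max" ]; then
        echo "full $pct"      # new connections are being dropped
    elif [ "$pct" -ge "$warn" ]; then
        echo "warn $pct"      # raise the limit (and RAM) before drops start
    else
        echo "ok $pct"
    fi
}

# count_table_full_drops: reads kernel log text on stdin and counts the
# "table full, dropping packet" messages (ip_conntrack or nf_conntrack).
count_table_full_drops() {
    grep -c -E '(ip|nf)_conntrack: table full, dropping packet' || true
}

# live_status: grade the running host (nf_conntrack paths of current kernels);
# prints "unavailable" when connection tracking is not loaded.
live_status() {
    d=/proc/sys/net/netfilter
    [ -r "$d/nf_conntrack_count" ] || { echo "unavailable"; return 0; }
    conntrack_status "$(cat "$d/nf_conntrack_count")" "$(cat "$d/nf_conntrack_max")"
}

# Constructed sample kernel log lines (not real data).
SAMPLE_LOG='kernel: ip_conntrack: table full, dropping packet.
kernel: eth0: link up
kernel: nf_conntrack: table full, dropping packet'

# Peak load from the post (25k connections) against 512 MB and 1024 MB of RAM.
conntrack_status 25000 "$(default_conntrack_max 512)"
conntrack_status 25000 "$(default_conntrack_max 1024)"
printf '%s\n' "$SAMPLE_LOG" | count_table_full_drops
```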