Maximum interfaces or rules for iptables
We are test bedding some dual octacore, 64GB servers for webhosting cPanel.
Due to how much SSD disk/memory and CPU we have on these servers, we really want to go for density. Things seem pretty stable at 2048 IPs on the server; however, as we approach adding 4096 IPs to the server (gets us to a nice 80% resource utilization), we start having network issues where we lose all network connectivity to the server until we "service iptables restart". We are also running CSF on the boxes. Is there some limit in CentOS by default that limits how many interfaces or rules can be used and, if so, can that limit be raised by adjusting sysctl parameters? I know your first thought will be "this seems ludicrous, why would you do it", but at this point I'm rather intrigued why a box of this configuration with x64 CentOS would be crapping out. Thank you =)
Have you tried modprobing all related modules with debugging enabled? And if you're really interested in analyzing this properly: have you tried a debug kernel?
I have not gone so far as to use a debug kernel yet... IPs are added using cPanel's interface, which ties them into its "ipaliases" daemon (read: range files/etc. don't work with cPanel). My presumption is I'm hitting a resource/system limit (think OpenVZ... my servers are NOT running OpenVZ - just to clarify) and as a result the firewall just stops passing all traffic through it. I will be the first to admit, on the debug side of Linux, my chops are pretty weak... It's only out of curiosity and failed repetitive online lurking that I've opened this thread. By all means, this is not a "fix my problem" thread; rather, help me understand. Thank you