Subject: Re: IFQ_MAXLEN: How large can it be?
To: None <>
From: Christoph Kaegi <>
List: tech-net
Date: 11/16/2006 08:44:32

On 15.11-10:48, Steven M. Bellovin wrote:
> > 
> > So I bumped this number on our quite busy firewall up from 256 
> > to 1024 and later to 4096, but I still get 1'026'678 dropped 
> > packets during 8 days uptime.
> > 
> It's far from clear to me that this is a big help.  There's a fair amount
> of literature that says that too-large router queues are bad, since they
> end up having many retransmissions of the same data.  I suggest that you
> look at other resources -- CPU and output line rate come to mind -- and
> start playing with some of the fancier queueing options on your output
> link.  (I wonder -- it would be nice to be able to do RED on things like
> the IP input queue.  Is that possible?)

What is "RED"? What do you mean by "output line rate"?
I wasn't aware I had queueing options on my output links.
Did you mean ALTQ? Does that work?

I'll gladly do any measuring and reporting you request if you 
help me to interpret the values :-)

I have to say though, that we're somewhat limited playing around
with this system as it is in production. My timeslot for reboots
is some hours every two weeks.


Christoph Kaegi