Large number of invalid packets detected

Cliff Wells cliff at
Tue May 20 18:00:22 MSD 2008

On Sun, 2008-05-18 at 07:30 -0700, Rt Ibmer wrote:
> >Is it possible to deactivate the iptables, due to the fact that a lot of the
> >high performance setups out there have seen that the connection tracking
> >with iptables has really bad performance impacts?

It scales pretty well until getting well past 10k connections.  I don't
think this is a real concern in this case.

> At this point, however, I am more concerned about whether indeed there
> is some sort of problem with my hardware and/or software at some other
> place (outside of iptables) that iptables has brought to light due to
> its logging of this issue (which otherwise is invisible - in other
> words it does not seem to impact people using the site).

I'd suspect hardware/firmware issues, either your server's NIC (perhaps
not 100% Linux-supported?), your hosting company's switch/router, or
even a bad cable.  The forum you linked to is quite descriptive and
you'll find that one poster (IPTables Friend 10:59 am on Nov. 10, 2007)
specifically mentions resolving this issue by reconfiguring an upstream
router that was doing packet-mangling.  


