HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software

Table 2 HASH table tunables (continued)

NOTE: The number of RDR rules actually loaded on the system can be more than

the value configured for ipnat_rdr_size tunable. ipnat_rdr_size tunable

increases the chances of a faster rule search.

Using this tunable, you can tune the size of HASH tables, which hold the ACTIVE

NAT (MAP and RDR) connection entries at any given time.

ipnat_nat_table_size

The default value is 127(minimum) and the maximum value is 16383.

For example:

$kctune ipnat_nat_table_size=1000

The new value becomes effective only when ipnat_largenat_enable is set to

1. You must restart the IPFilter for new value to take effect.

If ipnat_nat_table_size tunable is set using kctune while IPFilter is running,

the following warning message is displayed along with the current value in effect.

WARNING:Changes to ipnat_nat_table_size will take effect

only after restarting IPFilter and if ipnat_largenat_enable

is enabled.Value in effect is 127.

NOTE: The number of ACTIVE NAT (MAP and RDR) connections at any given

time can be more than the value configured for ipnat_nat_table_size tunable.

ipnat_nat_table_size tunable increases the chances of a faster connection

search.

Using this tunable, you can tune the size of HASH table, which holds the host

related information like SRC IP, DST IP, Port, and mapping information for both

the incoming and outgoing directions.

ipnat_hostmap_size

The default value is 127(minimum) and the maximum value is 8191.

For example:

$kctune ipnat_hostmap_size=2047

The new value becomes effective only when ipnat_largenat_enable is set to

1. You must restart the IPFilter for new value to take effect.

If ipnat_hostmap_size tunable is set using kctune while IPFilter is running,

the following warning message is displayed along with the current value in effect.

WARNING:Changes to ipnat_hostmap_size will take effect only

after restarting IPFilter and if ipnat_largenat_enable is

enabled.Value in effect is 127

NOTE: The number of SRC IP, DST IP, Port, and mapping information for both

the incoming and outgoing directions can be more than the value configured for

ipnat_hostmap_size tunable. ipnat_hostmap_size tunable increases the

chances of a faster mapping information search.

Enhancements to ipnat command

The kctune infrastructure allows you to change the values when IPFilter is running. However, the

values become effective only when IPFilter is restarted. Therefore, ipnat command is enhanced

to additionally display HASH table sizes, when LARGE NAT is enabled.

For example:

When ipnat_largenat_enable is enabled.

$ ipnat -hl

List of active MAP/Redirect filters:

2 map lan1 20.20.1.1/32 -> 10.10.1.2/32 tag test-tag

LARGE NAT ENABLED

SIZE OF ACTIVE CONNECTIONS

HASH TABLE

1000

52 Configuring and loading NAT rules