How slow are iptables with hundreds of thousands rules?



Fli
04-03-2017, 10:16 PM
Hello,

I wanted to ask if there is anyone who has tried to block, let's say, 100,000, 500,000 or 10,000,000 IP entries in iptables?

How slow is it and which issues will one face?

I assume one thing is RAM usage; I'm unsure how to calculate/estimate it.
But a bigger issue might be the increased time for the server to respond to connections, or starting iptables itself after a server reboot? Has anyone measured this, please?

------------

Here are some interesting images:

http://rogerprice.org/hosts.allow/ipset3.png
Does it mean that 50,000 rules = around 15 ms delay? If so, 350,000 rules would be a 0.1 second delay.

https://c1.staticflickr.com/8/7575/15815220998_e1935c94c0_b.jpg
There it seems to be similar, around 10 ms per ~50K rules in the case of iptables; ipsets are much faster.
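The post compares a chain of one rule per address with an ipset, and separately worries about reload time after a reboot. The script below is an added example, not from the thread or any poster in it: it generates, offline, the two files needed for the ipset approach (an `ipset restore` script and an `iptables-restore` fragment with a single rule that consults the set), plus the equivalent one-rule-per-IP ruleset so the two can be timed side by side with `iptables-restore`. The set name `blocklist`, the `INPUT` chain, IPv4 only, the file names and the constructed 10.0.0.0/8 sample list are my assumptions. Nothing in it calls `iptables` or `ipset` itself, so it runs without root; the load commands are in the comments.

```shell
#!/bin/sh
# Added example, not from the thread. Generates, offline, the files needed to block a
# large address list with one iptables rule plus an ipset, and (for comparison) the
# equivalent one-rule-per-IP ruleset. Nothing here calls iptables/ipset itself.
# Assumptions (mine, not the thread's): set name "blocklist", chain INPUT, IPv4 only,
# input file with one address per line, output files in the current directory.
set -eu

SET_NAME=blocklist
IPS_FILE=blocklist.txt                    # constructed sample input (see make_sample_list)
IPSET_FILE=blocklist.ipset                # load with:  ipset restore -exist < blocklist.ipset
RULES_FILE=blocklist.rules                # load with:  iptables-restore -n < blocklist.rules
PER_IP_RULES_FILE=blocklist-per-ip.rules  # the slow way, kept only for timing comparison

# Only accept plain dotted quads. Blank lines, comments and especially stray text such as
# "flush" or "destroy" must never reach the restore scripts: every line of a restore file
# is executed as a command, so an unfiltered feed is a command-injection path.
IPV4_RE='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'

# Build a deterministic list of N addresses in 10.0.0.0/8 so the script runs without a real feed.
make_sample_list() {
    awk -v n="$1" 'BEGIN { for (i = 0; i < n; i++)
        printf "10.%d.%d.%d\n", int(i / 65536) % 256, int(i / 256) % 256, i % 256 }' > "$IPS_FILE"
}

# Number of usable entries in the input file (grep -c exits 1 when the count is 0).
valid_count() {
    grep -Ec "$IPV4_RE" "$IPS_FILE" || true
}

# ipset restore script: one "create" line sized up front, then one "add" per address.
# maxelem must cover the whole list (the default is 65536; adds past it fail with
# "set is full"); hashsize is a power of two, preset so the kernel does not have to
# grow and rehash the table repeatedly while loading.
gen_ipset_restore() {
    count=$(valid_count)
    maxelem=65536
    if [ "$count" -gt "$maxelem" ]; then maxelem=$count; fi
    hashsize=1024
    while [ "$hashsize" -lt "$count" ]; do hashsize=$((hashsize * 2)); done
    {
        printf 'create %s hash:ip family inet hashsize %d maxelem %d\n' "$SET_NAME" "$hashsize" "$maxelem"
        grep -E "$IPV4_RE" "$IPS_FILE" | awk -v s="$SET_NAME" '{ print "add " s " " $1 }'
    } > "$IPSET_FILE"
}

# iptables-restore fragment: a single rule that consults the set. The rule count stays
# at one however many addresses are blocked, so the per-packet chain walk and the
# reload time after a reboot do not grow with the list. -I puts it at the top of INPUT;
# iptables-restore -n (noflush) keeps whatever rules are already loaded.
gen_iptables_restore() {
    {
        echo '*filter'
        echo "-I INPUT -m set --match-set $SET_NAME src -j DROP"
        echo 'COMMIT'
    } > "$RULES_FILE"
}

# The same policy as one rule per address, for comparison. Load it with iptables-restore
# as well: running the legacy iptables binary once per rule fetches and replaces the
# whole table on every call, which is what makes a per-rule startup script crawl.
gen_per_ip_rules() {
    {
        echo '*filter'
        grep -E "$IPV4_RE" "$IPS_FILE" | awk '{ print "-A INPUT -s " $1 " -j DROP" }'
        echo 'COMMIT'
    } > "$PER_IP_RULES_FILE"
}

# Usage:  sh blocklist.sh build 200000
#         ipset restore -exist < blocklist.ipset && iptables-restore -n < blocklist.rules
if [ "${1:-}" = "build" ]; then
    make_sample_list "${2:-1000}"
    gen_ipset_restore
    gen_iptables_restore
    gen_per_ip_rules
    echo "wrote $IPSET_FILE ($(valid_count) entries), $RULES_FILE, $PER_IP_RULES_FILE"
fi
```

To reproduce the kind of comparison in the graphs, run `sh blocklist.sh build 200000` and then, as root, `time iptables-restore -n < blocklist-per-ip.rules` against `time ipset restore -exist < blocklist.ipset`; afterwards `iptables -L INPUT -n --line-numbers | wc -l` shows the difference in chain length that each packet has to walk. The regex filter is the part worth keeping even if you replace everything else: a blocklist feed is untrusted input, and restore files are executed line by line.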