Counter-Intuitive Settings -- e.g. prioritize ICMP

Discussion in 'Tomato Firmware' started by Planiwa, Jun 17, 2013.

  1. Planiwa

    Planiwa Network Guru Member

    Some settings seem obvious. But there may be more than appears at first glance.

    ICMP Priority
    There are reasons why one might want to prioritize ICMP traffic.
    There are reasons why one might not want to prioritize ICMP traffic.
    Those latter reasons really matter to me.

    TCP Timeouts.
    If all we care about is getting connections out of the system as soon as possible, then it seems reasonable to minimize all timeouts.
    But if we want to solve problems, we need information about what is going on, and we don't want to get rid of the evidence before we've had a chance to examine it. Thus, a Close timeout of 60, rather than 10, gives us an extra 50 seconds of time during which we can collect data on the connections involved with the problem.

    Connection Table Size
    Some of us remember the dark ages, when the pundits first discovered problems because of "too many connections". The obvious first response was to increase the connection limit. Now, instead of error messages, the router would crash quietly. Like making one's smoke alarm less sensitive to smoke. Soon, manufacturers would put reassuring advertising claims on their routers, such as "300,000 Sessions -- Stable Download" (Asus).

    Any others?
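The "collect data on the connections involved" point above is only useful if you actually have a way to read the conntrack table before entries age out. The script below is an added example, not code from this thread or from Tomato itself: it parses a netfilter conntrack dump in either the `/proc/net/ip_conntrack` or the `/proc/net/nf_conntrack` layout, counts TCP entries per state, lists the entries whose remaining lifetime is under a threshold (the ones a short Close/TIME_WAIT timeout would make vanish), and prints the kernel's current close-related timeouts. The sample dump is constructed, not captured from a real router, and the sysctl paths are the ones assumed to exist on the 2.6-era kernels Tomato builds ship with; the functions skip any path that is not present.

```shell
#!/bin/sh
# Added example (not from the thread or the Tomato project): summarise a
# netfilter conntrack dump so short-lived entries can be examined before
# the kernel drops them. Handles both dump layouts:
#   /proc/net/ip_conntrack : "tcp 6 <ttl> <STATE> src=... dst=..."
#   /proc/net/nf_conntrack : "ipv4 2 tcp 6 <ttl> <STATE> src=... dst=..."

# Constructed sample dump (addresses are documentation ranges, not real hosts).
SAMPLE_DUMP=$(cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51234 dport=443 packets=120 bytes=9876 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=51234 packets=98 bytes=65432 [ASSURED] mark=0 use=1
tcp      6 8 CLOSE src=192.168.1.10 dst=198.51.100.7 sport=51235 dport=80 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=51235 [ASSURED] mark=0 use=1
tcp      6 55 CLOSE src=192.168.1.22 dst=198.51.100.9 sport=40001 dport=443 src=198.51.100.9 dst=203.0.113.5 sport=443 dport=40001 [ASSURED] mark=0 use=1
tcp      6 110 TIME_WAIT src=192.168.1.22 dst=198.51.100.9 sport=40002 dport=443 src=198.51.100.9 dst=203.0.113.5 sport=443 dport=40002 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.10 dst=192.168.1.1 sport=5353 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=5353 mark=0 use=1
ipv4     2 tcp      6 3 CLOSE src=192.168.1.30 dst=198.51.100.11 sport=33000 dport=22 src=198.51.100.11 dst=203.0.113.5 sport=22 dport=33000 [ASSURED] mark=0 use=1
EOF
)

# Strip the leading "ipv4 2" / "ipv6 10" of the nf_conntrack layout so every
# line reads "<proto> <num> <ttl> [<STATE>] ..." regardless of source file.
normalise_dump() {
    awk '$1 == "ipv4" || $1 == "ipv6" { $1 = ""; $2 = ""; sub(/^ +/, "") } { print }'
}

# count_state DUMP STATE : number of TCP entries currently in STATE.
count_state() {
    printf '%s\n' "$1" | normalise_dump |
        awk -v st="$2" '$1 == "tcp" && $4 == st { n++ } END { print n + 0 }'
}

# state_histogram DUMP : one "STATE count" line per TCP state, sorted.
state_histogram() {
    printf '%s\n' "$1" | normalise_dump |
        awk '$1 == "tcp" { c[$4]++ } END { for (s in c) print s, c[s] }' | sort
}

# expiring_within DUMP SECONDS : TCP entries with less than SECONDS of life
# left; with a 10 s close timeout these are gone before you can look at them.
expiring_within() {
    printf '%s\n' "$1" | normalise_dump |
        awk -v lim="$2" '$1 == "tcp" && $3 + 0 < lim { print $4, "ttl=" $3, $5, $6, $7, $8 }'
}

# Print whichever close/time_wait timeout sysctls this kernel exposes
# (paths assumed for 2.6-era kernels; silently skipped when absent).
show_close_timeouts() {
    for f in /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close \
             /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait \
             /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_close \
             /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_time_wait; do
        [ -r "$f" ] && printf '%s = %s\n' "$f" "$(cat "$f")"
    done
    return 0
}

# Stand-alone run: "--live" reads the router's real table, otherwise the sample.
main() {
    if [ "${1:-}" = "--live" ] && [ -r /proc/net/nf_conntrack ]; then
        dump=$(cat /proc/net/nf_conntrack)
    elif [ "${1:-}" = "--live" ] && [ -r /proc/net/ip_conntrack ]; then
        dump=$(cat /proc/net/ip_conntrack)
    else
        dump=$SAMPLE_DUMP
    fi
    echo "TCP entries by state:";            state_histogram "$dump"
    echo "TCP entries expiring within 10 s:"; expiring_within "$dump" 10
    show_close_timeouts
}
main "$@"
```

Run it as `sh conntrack_peek.sh --live` on the router (via the Tomato shell or SSH) while the problem is happening; the "expiring within" list is exactly the evidence that a 10 s Close timeout would throw away and a 60 s one keeps around long enough to read.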
  2. koitsu

    koitsu Network Guru Member

    Please don't adjust the TCP timeout values. You might be surprised what kind of ill-effects this can have on TCP stacks on the remote side; sometimes socket re-use can take multiple (full) seconds to re-set-up, and some other edge cases depending on what TCP stack features are used. Please just leave these at their defaults.

    The other items you list off (ICMP prio and Conntable size) are legit. However, with regards to Conntable size, be aware that increasing this too much can cause router instability and/or crashes, given RAM limitations and so on. My recommendation is not to screw with it -- OCD people try to "tune" all this stuff, without really understanding it or taking into consideration how the conntable stack, the netfilter stack, or the underlying kernel VM works. Best to just let it alone. :)