Properties

RCMaxCollision

Maximum allowed number of colliding rule cache entries. A higher value will allow more policy lookup results to be cached, even though there are collisions between them, but flow maintenance will become increasingly costly. Collisions are most likely caused by many similar tunnels (many tunnels with the same user as an example), and less likely caused by lots of detailed but similar rules. The value may be beneficial to decrease if tunnel setup rates are very high, but each tunnel is only active for brief moments. Likewise the value may be beneficial to increase if there are many active tunnels, but setup rate is low. (Default: 512)

RCMaxGridSize

Maximum number of rule cache grid units. Each unit takes about 4Kb of memory; too few units will make classification slow, this will increase the load of the unit and affect flow establishing time negatively. (Default: 4096)

RCMaxCacheSize

Maximum number of rule cache entries. Each entry represents a unique classification result and takes about 256b of memory; if there are too few entries, existing entries need to be discarded. Existing flows may be torn down as a consequence of this. (Default: 400000)

LogRCLost

Whether to log when a rule cache entry (policy lookup result) is lost. (Default: Always)

ReclassifyQuota

Percent of incoming packets (potentially) allowed to update existing flows; 99% will favor connection attempts over existing connections, 1% will favor existing connections over connection attempts. (Default: 30)

UnclassifiedQuota

Percent of incoming packets (potentially) allowed to setup new flows; 99% will favor connection attempts over existing connections, 1% will favor existing connections over connection attempts. (Default: 5)