Hmm. I now think that your dst cache overflows are related to routing tables and not connection tracking. In particular, what's, # cat /proc/sys/net/ipv4/route/max_size # grep dst_cache /proc/slabinfo Also, are you using IPv6 as well as IPv4? What's your routing situation, do you have lots of dynamic routes, or other complex setups? What about dynamic interfaces (e.g., PPP) that are always being brought up and down? Also try, # ip route list table all And, have you since updated your kernel to 2.6.9-1.724_FC3, and are you still experiencing the overflow? -- Deron Meranda