Large number of http connections immediately dropped
Alexander Strange
astrange at ithinksw.com
Sun Jul 20 18:25:41 UTC 2008
On Jul 17, 2008, at 12:44 PM, Sean Chittenden wrote:
>> -messages is full of:
>> Limiting open port RST response from 441 to 200 packets/sec
>> Limiting open port RST response from 488 to 200 packets/sec
>> Limiting open port RST response from 399 to 200 packets/sec
>> Limiting open port RST response from 434 to 200 packets/sec
>> Limiting open port RST response from 308 to 200 packets/sec
>> I'm not sure if that's related or not.
>
> Likely not, but you want to set net.inet.icmp.icmplim=2000 or
> something much higher. ICMP is a good thing and an important part
> of TCP. For that much traffic, you need more ICMP packets.
> net.inet.tcp.recvspace seems high, you probably only want it to be
> 4096 or maybe double that.... unless your traffic is all HTTP
> posts. Why don't you want to run with accept filters? Any
> firewalls or rate filters in the way? -sc
The httpready filter was just off for debugging (in case it solved our
problem) - it didn't seem to affect it, so it's back on now.
There are a lot of large HTTP posts happening, and we don't seem to be
low on memory, so recvspace should be ok. somaxconn is also much
higher than necessary, though, so maybe that could be a problem.
Anyway, raising icmplim has emptied the system log, but there are
still several errors per minute. I don't think any of the netstat -s
counters are going up at the same rate, but I'll keep looking at those.
And there's no firewalls or packet shapers in front of it.
More information about the freebsd-performance
mailing list