[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

TCP time_wait and port exhaustion for servers

Subject: TCP time_wait and port exhaustion for servers
From: rps at maine.edu (Ray Soucy)
Date: Thu, 6 Dec 2012 08:32:03 -0500
In-reply-to: <[email protected]>
References: <CALFTrnNj2e9HUjukAUi-jtTsuGTugxe2-iEpm8v+wk8JKnuBQA@mail.gmail.com> <[email protected]>

This tunes conntrack, not local TCP on the server itself.

On Wed, Dec 5, 2012 at 4:18 PM, Cyril Bouthors <cyril at bouthors.org> wrote:
> On  5 Dec 2012, rps at maine.edu wrote:
>
>> Where there is no way to change this though /proc
>
> 10:17PM lenovo:~% sudo sysctl -a |grep wait
> net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
> net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
> net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
> 10:17PM lenovo:~%
>
> ?
>
> We use this to work around the default limit on our internal load balancers.
>
> HIH.
> --
> Cyril Bouthors - Administration Syst?me, Infog?rance
> ISVTEC SARL, 14 avenue de l'Op?ra, 75001 Paris
> 1 rue ?mile Zola, 69002 Lyon
> T?l : 01 84 16 16 17 - Fax : 01 77 72 57 24
> Ligne directe : 0x7B9EE3B0E



-- 
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net

References:
- TCP time_wait and port exhaustion for servers
  - From: rps at maine.edu (Ray Soucy)
- TCP time_wait and port exhaustion for servers
  - From: cyril at bouthors.org (Cyril Bouthors)

Prev by Date: TCP time_wait and port exhaustion for servers
Next by Date: Fwd: [Infowarrior] - Leaked: ITU's secret Internet surveillance standard discussion draft]
Previous by thread: TCP time_wait and port exhaustion for servers
Next by thread: TCP time_wait and port exhaustion for servers
Index(es):
- Date
- Thread