From owner-freebsd-net Mon Jun 3 9:58:35 2002 Delivered-To: freebsd-net@freebsd.org Received: from ruminary.org (chiku.ruminary.org [216.218.185.24]) by hub.freebsd.org (Postfix) with ESMTP id E36E037B400 for ; Mon, 3 Jun 2002 09:58:32 -0700 (PDT) Received: by ruminary.org (Postfix, from userid 1000) id C4C1422E19; Mon, 3 Jun 2002 09:58:25 -0700 (PDT) Date: Mon, 3 Jun 2002 09:58:25 -0700 From: clark shishido To: Nguyen-Tuong Long Le Cc: freebsd-net@freebsd.org Subject: Re: Problem with SYN cache in FreeBSD 4.5 Message-ID: <20020603095825.A47070@ruminary.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from le@cs.unc.edu on Mon, Jun 03, 2002 at 01:59:13AM -0400 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Jun 03, 2002 at 01:59:13AM -0400, Nguyen-Tuong Long Le wrote: > Hi all, > > Our group has a proprietary web server that can handle 10000 requests/s > under FreeBSD 4.3 release. We recently upgraded our system to 4.5 and got > very poor performance. While the web server runs, I see lots of messages > similar to the following on the console > "Limiting open port RST response from 1068 to 200 packets per second". > > The problem seems to be related to the syncache implementation > that drops incoming SYN segments. 4.5-RELEASE included a new feature, syncookies try turning it off: net.inet.tcp.syncookies: 0 you might also need to patch the kernel: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02%3A20.syncache.asc --clark To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message