Date: Sun, 20 Jul 2008 14:25:40 -0400 From: Alexander Strange <astrange@ithinksw.com> To: freebsd-performance@freebsd.org Subject: Re: Large number of http connections immediately dropped Message-ID: <DA8B0056-77EC-4FE5-8CA6-3CADD3A5482B@ithinksw.com> In-Reply-To: <31AFE70B-CE45-42DE-97C7-AFF96383C6E2@chittenden.org> References: <E6D474AE-2295-4A13-8FF9-FD24404FBC80@ithinksw.com> <31AFE70B-CE45-42DE-97C7-AFF96383C6E2@chittenden.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 17, 2008, at 12:44 PM, Sean Chittenden wrote: >> -messages is full of: >> Limiting open port RST response from 441 to 200 packets/sec >> Limiting open port RST response from 488 to 200 packets/sec >> Limiting open port RST response from 399 to 200 packets/sec >> Limiting open port RST response from 434 to 200 packets/sec >> Limiting open port RST response from 308 to 200 packets/sec >> I'm not sure if that's related or not. > > Likely not, but you want to set net.inet.icmp.icmplim=2000 or > something much higher. ICMP is a good thing and an important part > of TCP. For that much traffic, you need more ICMP packets. > net.inet.tcp.recvspace seems high, you probably only want it to be > 4096 or maybe double that.... unless your traffic is all HTTP > posts. Why don't you want to run with accept filters? Any > firewalls or rate filters in the way? -sc The httpready filter was just off for debugging (in case it solved our problem) - it didn't seem to affect it, so it's back on now. There are a lot of large HTTP posts happening, and we don't seem to be low on memory, so recvspace should be ok. somaxconn is also much higher than necessary, though, so maybe that could be a problem. Anyway, raising icmplim has emptied the system log, but there are still several errors per minute. I don't think any of the netstat -s counters are going up at the same rate, but I'll keep looking at those. And there's no firewalls or packet shapers in front of it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DA8B0056-77EC-4FE5-8CA6-3CADD3A5482B>