Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 20 Jul 2008 14:25:40 -0400
From:      Alexander Strange <astrange@ithinksw.com>
To:        freebsd-performance@freebsd.org
Subject:   Re: Large number of http connections immediately dropped
Message-ID:  <DA8B0056-77EC-4FE5-8CA6-3CADD3A5482B@ithinksw.com>
In-Reply-To: <31AFE70B-CE45-42DE-97C7-AFF96383C6E2@chittenden.org>
References:  <E6D474AE-2295-4A13-8FF9-FD24404FBC80@ithinksw.com> <31AFE70B-CE45-42DE-97C7-AFF96383C6E2@chittenden.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Jul 17, 2008, at 12:44 PM, Sean Chittenden wrote:

>> -messages is full of:
>> Limiting open port RST response from 441 to 200 packets/sec
>> Limiting open port RST response from 488 to 200 packets/sec
>> Limiting open port RST response from 399 to 200 packets/sec
>> Limiting open port RST response from 434 to 200 packets/sec
>> Limiting open port RST response from 308 to 200 packets/sec
>> I'm not sure if that's related or not.
>
> Likely not, but you want to set net.inet.icmp.icmplim=2000 or  
> something much higher.  ICMP is a good thing and an important part  
> of TCP.  For that much traffic, you need more ICMP packets.   
> net.inet.tcp.recvspace seems high, you probably only want it to be  
> 4096 or maybe double that.... unless your traffic is all HTTP  
> posts.  Why don't you want to run with accept filters?  Any  
> firewalls or rate filters in the way?  -sc

The httpready filter was just off for debugging (in case it solved our  
problem) - it didn't seem to affect it, so it's back on now.

There are a lot of large HTTP posts happening, and we don't seem to be  
low on memory, so recvspace should be ok. somaxconn is also much  
higher than necessary, though, so maybe that could be a problem.

Anyway, raising icmplim has emptied the system log, but there are  
still several errors per minute. I don't think any of the netstat -s  
counters are going up at the same rate, but I'll keep looking at those.

And there's no firewalls or packet shapers in front of it.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DA8B0056-77EC-4FE5-8CA6-3CADD3A5482B>