Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 09 Mar 2008 12:00:12 +0200
From:      Manolis Kiagias <sonicy@otenet.gr>
To:        roy lee <dotyao@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Large numbers of Limiting open port RST response from 6 to 5 packets/sec
Message-ID:  <47D3B52C.4040304@otenet.gr>
In-Reply-To: <47D42247.103@gmail.com>
References:  <47D40943.5080802@gmail.com> <47D3ABD0.5090108@otenet.gr> <47D42247.103@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
roy lee wrote:
> Manolis Kiagias 写道:
>>
>>
>> roy lee wrote:
>>> this is  a web server,use nginx, Large numbers of Limiting
>>> open port RST response from 6 to 5 packets/sec.
>>>
>>> I need help.
>>>
>>> dmesg:
>>> Limiting open port RST response from 11 to 5 packets/sec
>>> Limiting open port RST response from 6 to 5 packets/sec
>>> Limiting open port RST response from 8 to 5 packets/sec
>>> Limiting open port RST response from 6 to 5 packets/sec
>>> Limiting open port RST response from 8 to 5 packets/sec
>>> Limiting open port RST response from 7 to 5 packets/sec
>>> Limiting open port RST response from 7 to 5 packets/sec
>>> Limiting open port RST response from 14 to 5 packets/sec
>>> Limiting open port RST response from 11 to 5 packets/sec
>>> Limiting open port RST response from 9 to 5 packets/sec
>>> Limiting open port RST response from 12 to 5 packets/sec
>>> Limiting open port RST response from 6 to 5 packets/sec
>>> .......
>>>
>>> uname -a
>>> FreeBSD qz14253.tmdxy.org 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Mar
>>> 8 20:41:05 UTC 2008     roy@qz14253.tmdxy.org:/usr/obj/usr/src/sys/
>>> qz2kernel  i386
>>>
>>> <SNIP>
>>>
>>> sysctl.conf:
>>> net.inet.icmp.drop_redirect=1
>>> net.inet.icmp.log_redirect=1
>>> net.inet.tcp.msl=2500
>>> net.inet.icmp.icmplim=5
>>> kern.ipc.somaxconn=32768
>>> kern.ipc.shmall=32768
>>> kern.ipc.shmmax=134217728
>>> kern.ipc.semmap=256
>>>
>>> <SNIP>
>> ICMP packets are rate-limited by the kernel, but you limited them 
>> even more with this:
>>
>> net.inet.icmp.icmplim=5
>>
>> This is the cause of your messages. Adjust it to about 500.
>>
>>
> if sysctl net.inet.icmp.icmplim=500 , the services will stop,
> twisted log : writev() failed (32: Broken pipe) while sending request 
> to upstream
This is weird. We use 500 on a production web server (large torrent 
site). Kernel default is 200, you may wish to use this value.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47D3B52C.4040304>