Date: Sun, 09 Mar 2008 18:39:14 +0000 From: roy lee <dotyao@gmail.com> To: Manolis Kiagias <sonicy@otenet.gr> Cc: freebsd-questions@freebsd.org Subject: Re: Large numbers of Limiting open port RST response from 6 to 5 packets/sec Message-ID: <47D42ED2.20605@gmail.com> In-Reply-To: <47D3B52C.4040304@otenet.gr> References: <47D40943.5080802@gmail.com> <47D3ABD0.5090108@otenet.gr> <47D42247.103@gmail.com> <47D3B52C.4040304@otenet.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
Manolis Kiagias 写道: > roy lee wrote: >> Manolis Kiagias 写道: >>> >>> >>> roy lee wrote: >>>> this is a web server,use nginx, Large numbers of Limiting >>>> open port RST response from 6 to 5 packets/sec. >>>> >>>> I need help. >>>> >>>> dmesg: >>>> Limiting open port RST response from 11 to 5 packets/sec >>>> Limiting open port RST response from 6 to 5 packets/sec >>>> Limiting open port RST response from 8 to 5 packets/sec >>>> Limiting open port RST response from 6 to 5 packets/sec >>>> Limiting open port RST response from 8 to 5 packets/sec >>>> Limiting open port RST response from 7 to 5 packets/sec >>>> Limiting open port RST response from 7 to 5 packets/sec >>>> Limiting open port RST response from 14 to 5 packets/sec >>>> Limiting open port RST response from 11 to 5 packets/sec >>>> Limiting open port RST response from 9 to 5 packets/sec >>>> Limiting open port RST response from 12 to 5 packets/sec >>>> Limiting open port RST response from 6 to 5 packets/sec >>>> ....... >>>> >>>> uname -a >>>> FreeBSD qz14253.tmdxy.org 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Mar >>>> 8 20:41:05 UTC 2008 roy@qz14253.tmdxy.org:/usr/obj/usr/src/sys/ >>>> qz2kernel i386 >>>> >>>> <SNIP> >>>> >>>> sysctl.conf: >>>> net.inet.icmp.drop_redirect=1 >>>> net.inet.icmp.log_redirect=1 >>>> net.inet.tcp.msl=2500 >>>> net.inet.icmp.icmplim=5 >>>> kern.ipc.somaxconn=32768 >>>> kern.ipc.shmall=32768 >>>> kern.ipc.shmmax=134217728 >>>> kern.ipc.semmap=256 >>>> >>>> <SNIP> >>> ICMP packets are rate-limited by the kernel, but you limited them >>> even more with this: >>> >>> net.inet.icmp.icmplim=5 >>> >>> This is the cause of your messages. Adjust it to about 500. >>> >>> >> if sysctl net.inet.icmp.icmplim=500 , the services will stop, >> twisted log : writev() failed (32: Broken pipe) while sending request >> to upstream > This is weird. We use 500 on a production web server (large torrent > site). Kernel default is 200, you may wish to use this value. > > Revised to 200,At present normal,I will continue to follow. thank you!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47D42ED2.20605>