[158650] in North American Network Operators' Group
Re: TCP time_wait and port exhaustion for servers
daemon@ATHENA.MIT.EDU (Jon Lewis)
Wed Dec 5 20:45:27 2012
Date: Wed, 5 Dec 2012 20:44:43 -0500 (EST)
From: Jon Lewis <jlewis@lewis.org>
To: Cyril Bouthors <cyril@bouthors.org>
In-Reply-To: <87boe8mc3r.fsf@lenovo.isvtec.com>
Cc: NANOG <nanog@nanog.org>
On Wed, 5 Dec 2012, Cyril Bouthors wrote:
> On 5 Dec 2012, rps@maine.edu wrote:
>
>> Where there is no way to change this through /proc
>
> 10:17PM lenovo:~% sudo sysctl -a |grep wait
> net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
> net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
> net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120

Those netfilter connection tracking tunables have nothing to do with the
kernel's TCP socket handling.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
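
Added example, not part of the message above: the kernel's own TCP sockets are listed in /proc/net/tcp, separately from the conntrack table that the quoted sysctls control, and this sketch counts sockets in TIME_WAIT (state code 06) per remote endpoint. The sample table is constructed and the function names are hypothetical; address decoding assumes a little-endian host.

```python
import socket
import struct
from collections import Counter

TCP_TIME_WAIT = 0x06  # value of the "st" column for TIME_WAIT in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (trailing columns shortened).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt
   0: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000
   1: 0A00000A:9C40 1400000A:0050 06 00000000:00000000 03:00000A5F 00000000
   2: 0A00000A:9C41 1400000A:0050 06 00000000:00000000 03:00000B10 00000000
   3: 0A00000A:9C42 1400000A:0050 01 00000000:00000000 00:00000000 00000000
   4: 0A00000A:9C43 1E00000A:01BB 06 00000000:00000000 03:00000C20 00000000
"""


def decode(addr):
    """Turn 'HEXIP:HEXPORT' into (dotted_quad, port)."""
    ip_hex, port_hex = addr.split(":")
    # The IPv4 address is printed as a host-order 32-bit word (little-endian assumed).
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def time_wait_by_remote(table):
    """Count TIME_WAIT sockets per (remote_ip, remote_port)."""
    counts = Counter()
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        if int(fields[3], 16) != TCP_TIME_WAIT:
            continue
        counts[decode(fields[2])] += 1
    return counts


if __name__ == "__main__":
    # On a Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for (ip, port), n in time_wait_by_remote(SAMPLE).most_common():
        print(f"{ip}:{port} has {n} local sockets in TIME_WAIT")
```

Each counted socket holds one local port toward that remote endpoint, so a large count against a single destination is the figure to watch when diagnosing port exhaustion.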