[158659] in North American Network Operators' Group


Re: TCP time_wait and port exhaustion for servers

daemon@ATHENA.MIT.EDU (Ray Soucy)
Thu Dec 6 08:34:05 2012

In-Reply-To: <87boe8mc3r.fsf@lenovo.isvtec.com>
Date: Thu, 6 Dec 2012 08:32:03 -0500
From: Ray Soucy <rps@maine.edu>
To: Cyril Bouthors <cyril@bouthors.org>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

This tunes conntrack, not local TCP on the server itself.

On Wed, Dec 5, 2012 at 4:18 PM, Cyril Bouthors <cyril@bouthors.org> wrote:
> On  5 Dec 2012, rps@maine.edu wrote:
>
>> Where there is no way to change this through /proc
>
> 10:17PM lenovo:~% sudo sysctl -a |grep wait
> net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
> net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
> net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
> 10:17PM lenovo:~%
>
> ?
>
> We use this to work around the default limit on our internal load balancers.
>
> HIH.
> --
> Cyril Bouthors - System Administration, Managed Services
> ISVTEC SARL, 14 avenue de l'Opéra, 75001 Paris
> 1 rue Émile Zola, 69002 Lyon
> Tel: 01 84 16 16 17 - Fax: 01 77 72 57 24
> Direct line: 0x7B9EE3B0E



-- 
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net
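
The following is an added example, not part of the original thread: it counts TIME_WAIT sockets held by the host's own TCP stack, as listed in `/proc/net/tcp`, which the conntrack timeouts quoted above do not govern. The sample rows are constructed, the ephemeral port range defaults are assumed values for `net.ipv4.ip_local_port_range`, and the address decoding assumes IPv4 on a little-endian host.

```python
import socket
from collections import Counter

TIME_WAIT = 0x06  # TCP_TIME_WAIT in the kernel's TCP state enum

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed); not real data.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000
   1: 0A00000A:C350 1400000A:0050 06 00000000:00000000
   2: 0A00000A:C351 1400000A:0050 06 00000000:00000000
   3: 0A00000A:C352 1400000A:0050 06 00000000:00000000
   4: 0A00000A:C353 1400000A:0050 01 00000000:00000000
"""

def _endpoint(field):
    """Decode 'HEXIP:HEXPORT' (IPv4, little-endian host as on x86)."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1]), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Yield (local, remote, state) for each socket row, skipping the header."""
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 4:
            continue
        yield _endpoint(cols[1]), _endpoint(cols[2]), int(cols[3], 16)

def time_wait_by_destination(text):
    """Count TIME_WAIT sockets per (local IP, remote IP, remote port)."""
    counts = Counter()
    for (lip, _lport), (rip, rport), state in parse_proc_net_tcp(text):
        if state == TIME_WAIT:
            counts[(lip, rip, rport)] += 1
    return counts

def port_pressure(count, low=32768, high=60999):
    """Fraction of the ephemeral range (assumed ip_local_port_range) in use."""
    return count / (high - low + 1)

if __name__ == "__main__":
    # On a live host: text = open("/proc/net/tcp").read()
    for key, n in time_wait_by_destination(SAMPLE).items():
        print(key, n, f"{port_pressure(n):.4%}")
```

A count per destination tuple that approaches the size of the ephemeral range is the port-exhaustion condition the thread subject refers to.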

