I've been hitting the problem of ports being too long in TIME-WAIT on a
server heavily under traffic from a single client (actually a firewall
doing NAT). The firewall reuses ports after less than 60 seconds, which
are rejected since the port/addr combination is still in the TIME-WAIT
state.
When googling for this problem, you'll find hints to reduce
net.ipv4.tcp_fin_timeout to something less than 60 seconds. So that was
done, but the TIME-WAIT state still remains for a minute or so, which is
not surprising when reading ip-sysctl.txt, which states clearly that
tcp_fin_timeout tunes FIN-WAIT-2, not TIME-WAIT. I had a look at the
source and found that TCP_TIMEWAIT_LEN is hardcoded to some 60 seconds.
I wonder why this is not configurable (e.g. BSD is said to have a tunable
parameter for TIME-WAIT, as does Windows).
Other parameters that might help in my situation are tcp_tw_recycle and
tcp_tw_reuse. Unfortunately, their function is more or less
undocumented. It appears that both flags enable non-RFC behaviour,
allowing the protocol stack to reuse a TW port under certain conditions
(which?). I couldn't find any clear suggestions on the net about their
usage. Apparently, there are no technical experts who can elaborate on how
and when to use these parameters correctly... Maybe the docs could be
enhanced a little?
Regards,
Andreas
--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
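The three decisions the post asks about ("under certain conditions (which?)") can be written down as plain functions. The block below is an added example, not part of the original message and not kernel code: it is a stand-alone model of the TIME-WAIT SYN handling in net/ipv4/tcp_minisocks.c, of the tcp_tw_reuse check in tcp_twsk_unique() and of the tcp_tw_recycle per-peer check in tcp_v4_conn_request(), as I read them in 2.6-era kernels. The struct names, the clock values, sequence numbers and TSvals are all constructed for the demonstration; the constants TCP_TIMEWAIT_LEN, TCP_PAWS_MSL and TCP_PAWS_WINDOW carry the kernel's values.

```c
/*
 * Added example, not from the original post and not kernel code: a stand-alone
 * model of the three TIME-WAIT decisions the post asks about, written from my
 * reading of net/ipv4/tcp_minisocks.c and net/ipv4/tcp_ipv4.c in 2.6-era
 * kernels. All clocks, sequence numbers and TSvals below are constructed.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TCP_TIMEWAIT_LEN  60                   /* seconds; hardcoded in include/net/tcp.h */
#define TCP_PAWS_MSL      60                   /* how long a per-peer timestamp is trusted */
#define TCP_PAWS_WINDOW    1                   /* slack allowed against a per-peer timestamp */
#define TCP_PAWS_24DAYS   (60 * 60 * 24 * 24)  /* after this a TIME-WAIT timestamp is ignored */

/* What the server keeps for one 4-tuple in TIME-WAIT (cut-down inet_timewait_sock). */
struct tw_entry {
    uint32_t rcv_nxt;          /* next sequence number expected from the peer */
    uint32_t ts_recent;        /* last TSval seen from the peer */
    uint32_t ts_recent_stamp;  /* wall-clock seconds when ts_recent was recorded; 0 = no timestamps */
};

/* The parts of an incoming SYN that matter here. */
struct segment {
    bool ack;                  /* true for SYN+ACK, false for a bare SYN */
    bool has_tstamp;           /* carries a TCP timestamp option */
    uint32_t seq;
    uint32_t tsval;
};

/* Per-source-IP state used by tcp_tw_recycle (from inet_peer). Behind NAT,
 * every host sharing the public address also shares this one entry. */
struct peer_entry {
    uint32_t tcp_ts;           /* newest TSval seen from that address */
    uint32_t tcp_ts_stamp;     /* wall-clock seconds when it was seen */
};

enum tw_verdict {
    TW_REOPEN,                 /* TCP_TW_SYN: drop the entry, handle the SYN as a new connection */
    TW_ACK_NO_REARM,           /* TCP_TW_ACK: answer with an ACK, timer keeps running */
    TW_ACK_REARM               /* TCP_TW_ACK: answer with an ACK and restart the 60 s timer */
};

/* tcp_paws_check(rx_opt, 0) evaluated against a TIME-WAIT entry. */
static bool paws_ok(const struct tw_entry *tw, const struct segment *s, uint32_t now)
{
    if ((int32_t)(tw->ts_recent - s->tsval) <= 0) return true;     /* not older than the last TSval */
    if (now >= tw->ts_recent_stamp + TCP_PAWS_24DAYS) return true;  /* record too stale to trust */
    if (tw->ts_recent == 0) return true;                             /* no timestamp ever recorded */
    return false;
}

/* Decision 1 (server side, tcp_timewait_state_process): a SYN arrives for a
 * 4-tuple still in TIME-WAIT. It reopens the connection only if it passes PAWS
 * and either its sequence number is past rcv_nxt or its TSval is strictly newer
 * than the last one seen. Anything else is ACKed; a PAWS-rejected SYN (or a
 * SYN+ACK) also restarts the TIME-WAIT timer, so the NAT's reused port stays blocked. */
enum tw_verdict tw_handle_syn(const struct tw_entry *tw, const struct segment *s, uint32_t now)
{
    bool saw_tstamp  = s->has_tstamp && tw->ts_recent_stamp != 0;  /* options parsed only if the entry has a stamp */
    bool paws_reject = saw_tstamp && !paws_ok(tw, s, now);

    if (!s->ack && !paws_reject &&
        ((int32_t)(s->seq - tw->rcv_nxt) > 0 ||                      /* after(seq, rcv_nxt) */
         (saw_tstamp && (int32_t)(tw->ts_recent - s->tsval) < 0)))  /* strictly newer TSval */
        return TW_REOPEN;

    return (paws_reject || s->ack) ? TW_ACK_REARM : TW_ACK_NO_REARM;
}

/* Decision 2 (outgoing connect(), tcp_twsk_unique): may a new connection take
 * over a 4-tuple still in TIME-WAIT? Only with net.ipv4.tcp_tw_reuse=1, only if
 * the old connection used timestamps, and only once more than a second has
 * passed. This governs connections the machine opens, not SYNs it receives. */
bool tw_reuse_allowed(const struct tw_entry *tw, bool sysctl_tw_reuse, uint32_t now)
{
    return tw->ts_recent_stamp != 0 && sysctl_tw_reuse && now - tw->ts_recent_stamp > 1;
}

/* Decision 3 (tcp_v4_conn_request with net.ipv4.tcp_tw_recycle=1): a SYN is
 * dropped outright if its TSval is behind what its source address sent within
 * the last TCP_PAWS_MSL seconds by more than TCP_PAWS_WINDOW. Hosts behind one
 * NAT have unrelated clocks, so the host with the lower clock loses. */
bool tw_recycle_drops_syn(const struct peer_entry *p, const struct segment *s,
                          bool sysctl_tw_recycle, uint32_t now)
{
    return sysctl_tw_recycle && s->has_tstamp &&
           now < p->tcp_ts_stamp + TCP_PAWS_MSL &&
           (int32_t)(p->tcp_ts - s->tsval) > TCP_PAWS_WINDOW;
}

int main(void)
{
    /* Host A behind the NAT just talked to us from port 40000; we closed first,
     * so the 4-tuple sits in TIME-WAIT with A's last TSval (constructed values). */
    struct tw_entry tw = { .rcv_nxt = 1000, .ts_recent = 500000, .ts_recent_stamp = 1000 };
    uint32_t now = 1010;
    printf("entry is %u s old (TIME-WAIT lasts %d s)\n", now - tw.ts_recent_stamp, TCP_TIMEWAIT_LEN);

    /* The NAT hands port 40000 to host B, whose timestamp clock is far behind A's. */
    struct segment from_b = { .ack = false, .has_tstamp = true, .seq = 400, .tsval = 100 };
    struct segment from_a = { .ack = false, .has_tstamp = true, .seq = 400, .tsval = 500100 };
    struct peer_entry nat_ip = { .tcp_ts = 500000, .tcp_ts_stamp = 1000 };

    printf("SYN from B via NAT: %s\n", tw_handle_syn(&tw, &from_b, now) == TW_REOPEN ? "reopened" : "ACKed, timer restarted");
    printf("SYN from A again:   %s\n", tw_handle_syn(&tw, &from_a, now) == TW_REOPEN ? "reopened" : "ACKed");
    printf("tcp_tw_reuse for our own connect(): %s\n", tw_reuse_allowed(&tw, true, now) ? "allowed" : "denied");
    printf("tcp_tw_recycle drops B's SYN: %s\n", tw_recycle_drops_syn(&nat_ip, &from_b, true, now) ? "yes" : "no");
    return 0;
}
```

The model makes the asymmetry visible: tcp_tw_reuse only helps the side that calls connect(), so it does nothing for SYNs arriving at a server, while tcp_tw_recycle acts on incoming SYNs but keys its timestamp check on the source address, which is exactly what a NAT collapses. Treat the functions as a reading of the source for one kernel generation, not as a specification.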