On Thu, Jul 19, 2007 at 03:40:27PM -0700, Konstantin Svist wrote:
> # cat /proc/sys/net/netfilter/nf_conntrack_max
> 65536
>
> somehow I doubt I have THAT many connections :)
>
> highest load right now is around 600 requests per second, and ~60%
> complete within 10ms - the rest complete within 200ms (unless the
> firewall is turned on - then some start timing out 3s and up)

600s * 120s ip_conntrack_tcp_timeout_time_wait = 72000 entries
( => http://www.isi.edu/touch/pubs/infocomm99/infocomm99-web/ )

You might want to try to reduce those timers or just push up your hash
bucket = max entry values to maybe twice that.
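The sizing arithmetic in the reply (new connections per second times the TIME_WAIT timeout gives the steady-state number of conntrack entries, so the table should be provisioned at roughly twice that) as a small POSIX shell check. This is an added example, not code from either poster. It reads the live values from the modern `nf_conntrack_*` sysctl files under `/proc/sys/net/netfilter/` when they are readable and otherwise falls back to the constructed figures from the thread (600 conn/s, 120 s, max 65536); the connection rate itself is not exported by the kernel and is taken as an argument.

```shell
#!/bin/sh
# Compare the conntrack table capacity with the occupancy implied by a
# connection rate and the TCP TIME_WAIT timeout. Added example; the numbers
# used as fallbacks (600/s, 120 s, 65536) are the constructed figures from
# the mailing-list thread, not measurements.

NF=/proc/sys/net/netfilter

read_or() {
    # Print the contents of a /proc file, or the fallback when it is not readable.
    if [ -r "$1" ]; then cat "$1"; else printf '%s\n' "$2"; fi
}

conntrack_sizing() {
    # $1 = new connections per second
    # $2 = nf_conntrack_tcp_timeout_time_wait in seconds
    # $3 = configured nf_conntrack_max
    # Prints: "<expected entries> <recommended max> <OK|OVERFLOW>"
    rate=$1; tw=$2; max=$3
    expected=$((rate * tw))        # entries still held in TIME_WAIT at steady state
    recommended=$((expected * 2))  # the 2x headroom suggested in the reply
    if [ "$expected" -gt "$max" ]; then
        status=OVERFLOW            # table fills; new flows get dropped by conntrack
    else
        status=OK
    fi
    printf '%s %s %s\n' "$expected" "$recommended" "$status"
}

# Live values where available, thread figures otherwise.
rate=${1:-600}
tw=$(read_or "$NF/nf_conntrack_tcp_timeout_time_wait" 120)
max=$(read_or "$NF/nf_conntrack_max" 65536)
count=$(read_or "$NF/nf_conntrack_count" 0)

set -- $(conntrack_sizing "$rate" "$tw" "$max")
echo "rate=${rate}/s time_wait=${tw}s -> expected entries: $1"
echo "nf_conntrack_max=$max (currently in use: $count) -> $3"
echo "suggested nf_conntrack_max (2x expected): $2"
```

Run it as `sh conntrack_check.sh 600` on the firewall; an `OVERFLOW` result means the table is undersized for the observed rate and either the TIME_WAIT timer or `nf_conntrack_max` (and the hash bucket count with it) needs adjusting. Also watch `nf_conntrack_count` approaching `nf_conntrack_max`, which is the condition behind the timeouts the original poster saw.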