Hello again guys...
I have a webserver that should be able to handle 10,000 established
requests. Right now it's been tested with 1000, but it fails because of
too many connections in TIME_WAIT.
I have been reading prior to posting and it seems I have two options:
Increase these two:
sysctl -a | grep conntrack | grep net.nf_conntrack_max
net.nf_conntrack_max = 31772
sysctl -w net.netfilter.nf_conntrack_max=131072
echo 32768 > /sys/module/nf_conntrack/parameters/hashsize
Or decrease the timeouts.. which right now I have...
Right now I have:
sysctl -a | grep conntrack | grep timeout
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_established = 432000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 180
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_events_retry_timeout = 15
I am more keen on the second because a high
net.ipv4.netfilter.ip_conntrack_max, according to what I read, can lead
to a system freeze... so can anybody offer me a reference to tune and
lower these parameters? I tried lowering
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait to 5... but
that didn't change anything much.
Thanks..!
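
Added example, not part of the original message: before choosing between a larger table and shorter timeouts, tally the conntrack entries per TCP state and compare the total with nf_conntrack_max, to see which state is actually filling the table. The sample entries are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): per-state tally of conntrack entries.

# Constructed sample in /proc/net/nf_conntrack format; addresses are documentation ranges.
sample_conntrack() {
cat <<'EOF'
ipv4     2 tcp      6 117 TIME_WAIT src=198.51.100.7 dst=192.0.2.10 sport=40001 dport=80 src=192.0.2.10 dst=198.51.100.7 sport=80 dport=40001 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 98 TIME_WAIT src=198.51.100.7 dst=192.0.2.10 sport=40002 dport=80 src=192.0.2.10 dst=198.51.100.7 sport=80 dport=40002 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 64 TIME_WAIT src=198.51.100.8 dst=192.0.2.10 sport=51200 dport=80 src=192.0.2.10 dst=198.51.100.8 sport=80 dport=51200 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 12 TIME_WAIT src=198.51.100.9 dst=192.0.2.10 sport=33310 dport=80 src=192.0.2.10 dst=198.51.100.9 sport=80 dport=33310 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=198.51.100.7 dst=192.0.2.10 sport=40003 dport=80 src=192.0.2.10 dst=198.51.100.7 sport=80 dport=40003 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431950 ESTABLISHED src=198.51.100.8 dst=192.0.2.10 sport=51201 dport=80 src=192.0.2.10 dst=198.51.100.8 sport=80 dport=51201 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 58 SYN_RECV src=198.51.100.9 dst=192.0.2.10 sport=33311 dport=80 src=192.0.2.10 dst=198.51.100.9 sport=80 dport=33311 mark=0 use=2
ipv4     2 udp      17 28 src=192.0.2.10 dst=192.0.2.53 sport=53124 dport=53 src=192.0.2.53 dst=192.0.2.10 sport=53 dport=53124 mark=0 use=2
EOF
}

# conntrack_summary MAX
# Reads conntrack entries on stdin. Prints "STATE COUNT" lines, largest first,
# then one line comparing the total with MAX (the nf_conntrack_max value).
conntrack_summary() {
    LC_ALL=C awk -v max="$1" '
        {
            # TCP state is field 6; other protocols have no state column,
            # so they are grouped under the protocol name instead.
            key = ($3 == "tcp") ? $6 : $3
            count[key]++
            total++
        }
        END {
            sorter = "sort -k2,2nr -k1,1"
            for (k in count) print k, count[k] | sorter
            close(sorter)   # wait for sort so the total line comes last
            used = (max > 0) ? 100 * total / max : 0
            printf "total %d max %d used %.1f%%\n", total, max, used
        }'
}

# On a live host:
#   conntrack_summary "$(sysctl -n net.netfilter.nf_conntrack_max)" < /proc/net/nf_conntrack
# Here, the constructed sample against the limit shown in the post:
sample_conntrack | conntrack_summary 31772
```
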