nanog mailing list archives
Re: TCP time_wait and port exhaustion for servers
From: Matthew Palmer <mpalmer () hezmatt org>
Date: Sat, 8 Dec 2012 08:51:02 +1100
On Thu, Dec 06, 2012 at 08:58:10AM -0500, Ray Soucy wrote:
> net.ipv4.tcp_keepalive_intvl = 15
> net.ipv4.tcp_keepalive_probes = 3
> net.ipv4.tcp_keepalive_time = 90
> net.ipv4.tcp_fin_timeout = 30
>
> As discussed, those do not affect TCP_TIMEWAIT_LEN. There is a lot of misinformation out there on this subject so please don't just Google for 5 min. and chime in with a "solution" that you haven't verified yourself.
>
> We can expand the ephemeral port range to be a full 60K (and we have as a band-aid), but that only delays the issue as use grows. I can verify that changing it via:
>
> echo 1025 65535 > /proc/sys/net/ipv4/ip_local_port_range
>
> Does work for the full range, as a spot check shows ports as low as 2000 and as high as 64000 being used.
I can attest to the effectiveness of this method, however be sure and add any ports in that range that you use as incoming ports for services to /proc/sys/net/ipv4/ip_local_reserved_ports, otherwise the first time you restart a service that uses a high port (*cough*NRPE*cough*), its port will probably get snarfed for an outgoing connection and then you're in a sad, sad place.

- Matt

-- 
[An ad for Microsoft] uses the musical theme of the "Confutatis Maledictis" from Mozart's Requiem. "Where do you want to go today?" is on the screen, while the chorus sings "Confutatis maledictis, flammis acribus addictis,". Translation: "The damned and accursed are convicted to the flames of hell."
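The reservation check described in the message above, as an added example that is not part of the original thread: it lists listening TCP ports that fall inside the ephemeral range but are missing from ip_local_reserved_ports. The function names, the `--live` switch and the sample reserved list and listener ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find listening ports the kernel may
# also hand out as ephemeral source ports.

# is_reserved PORT LIST -- LIST uses the ip_local_reserved_ports format,
# e.g. "5666,8000-8100". Returns 0 when PORT is covered.
is_reserved() {
    old_ifs=$IFS; IFS=,
    for entry in $2; do
        IFS=$old_ifs
        case $entry in
            *-*) r_lo=${entry%-*}; r_hi=${entry#*-} ;;
            *)   r_lo=$entry; r_hi=$entry ;;
        esac
        [ "$1" -ge "$r_lo" ] && [ "$1" -le "$r_hi" ] && return 0
    done
    IFS=$old_ifs
    return 1
}

# unreserved_listeners LO HI LIST PORT...
# Prints every PORT inside the ephemeral range LO..HI that LIST does not cover.
unreserved_listeners() {
    e_lo=$1; e_hi=$2; reserved=$3; shift 3
    for p in "$@"; do
        [ "$p" -ge "$e_lo" ] && [ "$p" -le "$e_hi" ] || continue
        is_reserved "$p" "$reserved" || echo "$p"
    done
}

# check_live: same check against this host (Linux, needs ss from iproute2).
check_live() {
    read -r lo hi < /proc/sys/net/ipv4/ip_local_port_range
    reserved_now=$(cat /proc/sys/net/ipv4/ip_local_reserved_ports)
    ports=$(ss -Htln | awk '{n=split($4,a,":"); print a[n]}' | sort -un)
    # Word splitting of $ports is intended: one argument per port.
    unreserved_listeners "$lo" "$hi" "$reserved_now" $ports
}

if [ "${1:-}" = "--live" ]; then
    check_live
else
    # Constructed sample: range from the thread, made-up reserved list and listeners.
    unreserved_listeners 1025 65535 "5666,8000-8100" 22 80 5666 8050 9100 12489
fi
```

Any port it prints belongs to a service that could lose its port to an outgoing connection across a restart, so it is a candidate for ip_local_reserved_ports.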