nanog mailing list archives

Re: TCP time_wait and port exhaustion for servers

From: Ray Soucy <rps () maine edu>
Date: Thu, 6 Dec 2012 08:32:03 -0500

This tunes conntrack, not local TCP on the server itself.

On Wed, Dec 5, 2012 at 4:18 PM, Cyril Bouthors <cyril () bouthors org> wrote:

On  5 Dec 2012, rps () maine edu wrote:

Where there is no way to change this though /proc


10:17PM lenovo:~% sudo sysctl -a |grep wait
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
10:17PM lenovo:~%

?

We use this to work around the default limit on our internal load balancers.

HIH.
--
Cyril Bouthors - Administration Système, Infogérance
ISVTEC SARL, 14 avenue de l'Opéra, 75001 Paris
1 rue Émile Zola, 69002 Lyon
Tél : 01 84 16 16 17 - Fax : 01 77 72 57 24
Ligne directe : 0x7B9EE3B0E




-- 
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net

Current thread:

Re: TCP time_wait and port exhaustion for servers, (continued)
- - - Re: TCP time_wait and port exhaustion for servers Mark Andrews (Dec 05)
    - Re: TCP time_wait and port exhaustion for servers William Herrin (Dec 05)
    - Re: TCP time_wait and port exhaustion for servers Jon Lewis (Dec 05)
    - Re: TCP time_wait and port exhaustion for servers Fred Baker (fred) (Dec 05)
    - Re: TCP time_wait and port exhaustion for servers David Conrad (Dec 05)
    - RE: TCP time_wait and port exhaustion for servers Terry Baranski (Dec 05)
    - Re: TCP time_wait and port exhaustion for servers Ray Soucy (Dec 05)
- Re: TCP time_wait and port exhaustion for servers Owen DeLong (Dec 05)
- Re: TCP time_wait and port exhaustion for servers Cyril Bouthors (Dec 05)
  - Re: TCP time_wait and port exhaustion for servers Jon Lewis (Dec 05)
  - Re: TCP time_wait and port exhaustion for servers Ray Soucy (Dec 06)
- Re: TCP time_wait and port exhaustion for servers Mark Andrews (Dec 05)
- Re: TCP time_wait and port exhaustion for servers Kyrian (Dec 06)
  - Re: TCP time_wait and port exhaustion for servers Ray Soucy (Dec 06)
    - Re: TCP time_wait and port exhaustion for servers Kyrian (Dec 06)
    - Re: TCP time_wait and port exhaustion for servers William Allen Simpson (Dec 06)
    - Re: TCP time_wait and port exhaustion for servers Jean-Francois Mezei (Dec 06)
    - Re: TCP time_wait and port exhaustion for servers Ray Soucy (Dec 06)
    - Re: TCP time_wait and port exhaustion for servers Matthew Palmer (Dec 07)
    - Re: TCP time_wait and port exhaustion for servers Ray Soucy (Dec 07)