TCP time_wait and port exhaustion for servers

Ray Soucy rps at maine.edu
Thu Dec 6 13:32:03 UTC 2012


This tunes conntrack, not local TCP on the server itself.

On Wed, Dec 5, 2012 at 4:18 PM, Cyril Bouthors <cyril at bouthors.org> wrote:
> On  5 Dec 2012, rps at maine.edu wrote:
>
> >> Where there is no way to change this through /proc
>
> 10:17PM lenovo:~% sudo sysctl -a |grep wait
> net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
> net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
> net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
> net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
> 10:17PM lenovo:~%
>
> ?
>
> We use this to work around the default limit on our internal load balancers.
>
> HIH.
> --
> Cyril Bouthors - System Administration, Managed Services
> ISVTEC SARL, 14 avenue de l'Opéra, 75001 Paris
> 1 rue Émile Zola, 69002 Lyon
> Tel: 01 84 16 16 17 - Fax: 01 77 72 57 24
> Direct line: 0x7B9EE3B0E



-- 
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net
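
The conntrack-versus-local-TCP distinction drawn in the message above, as an added example that is not part of the original message or written by either poster: it sorts `sysctl -a` output into netfilter connection-tracking timeouts and local TCP stack settings, then repeats the `grep wait` filter per group. The sample input is constructed: the six conntrack lines are the ones quoted in the thread, and the two `net.ipv4` lines are real sysctl names with illustrative values.

```python
import re

# Constructed sample: the six lines quoted in the thread plus two local TCP
# stack keys (real sysctl names, illustrative values).
SAMPLE = """\
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.tcp_fin_timeout = 60
net.ipv4.ip_local_port_range = 32768\t60999
"""

# Timeouts netfilter applies to entries in its connection-tracking table.
CONNTRACK = re.compile(
    r"^net\.(?:ipv4\.)?netfilter\.(?:nf|ip)_conntrack_tcp_timeout_\w+$")
# Settings of the host's own TCP stack (its sockets and ephemeral ports).
LOCAL_TCP = re.compile(r"^net\.ipv4\.(?:tcp_\w+|ip_local_port_range)$")


def classify(sysctl_text):
    """Split `sysctl -a` output into conntrack, local_tcp and other keys."""
    groups = {"conntrack": {}, "local_tcp": {}, "other": {}}
    for line in sysctl_text.splitlines():
        if "=" not in line:
            continue  # skip blank or malformed lines
        key, value = (part.strip() for part in line.split("=", 1))
        if CONNTRACK.match(key):
            groups["conntrack"][key] = value
        elif LOCAL_TCP.match(key):
            groups["local_tcp"][key] = value
        else:
            groups["other"][key] = value
    return groups


def wait_keys_by_scope(sysctl_text):
    """Emulate `sysctl -a | grep wait`, reporting the hits per scope."""
    return {scope: sorted(k for k in keys if "wait" in k)
            for scope, keys in classify(sysctl_text).items()}


if __name__ == "__main__":
    for scope, keys in wait_keys_by_scope(SAMPLE).items():
        print(f"{scope}: {len(keys)} key(s) matching 'wait'")
```
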




More information about the NANOG mailing list