Hello,
Ken Hardy wrote:
> It turned out that certain nets on our WAN had a route to me, but I did
> not have a route back to them. So the SYN-ACK packets were never
> received by the client, so the client never sent the ACK packet. I
> conjectured that the server was filling up with half-open connections
> and could not accept any more until they timed out. This would explain
> why I had the exact same problem with each of three entirely
> independent HTTP proxies that I tried; it was not specific to Squid.
Thanks for the interesting story, but we (and the other folks with the
problem probably) don't run firewalls.
> Could this be the per-process limit of 5 (on sunos) of pending
> connections in the listen(2) queue? It did not affect the other
> processes on the system. Sending a HUP signal to Squid causes it to
> close the listen socket (I presume); don't know about USR2, though. So
> on closing the socket either the kernel would shed those half-open
> connections bound to it, or at least they would not be ascribed to the
> new socket that Squid is listening on. (Would it even be possible to
> program around this problem with the BSD Sockets API?)
Good idea - I'll see if I could replicate the problem on a test
cache, not the very busy ones were the problem shows within a few minutes.
Your message suggests I peek at netstat for anomalous entries - thanks!
-- miguel a.l. paraz <map@iphil.net> | pgp key id: 0x43F0D011 iphil communications, makati city, philippines | <http://www.iphil.net>Received on Fri Jan 24 1997 - 04:03:59 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:34:10 MST