Re: [squid-users] Dual Processor. from Francisco Obispo on 2002-07-12 (squid-users)

From: Francisco Obispo <fobispo@dont-contact.us>
Date: Fri, 12 Jul 2002 09:45:42 -0400

I've enabled syn_cookies and enable 8192 SYN_BACKLOG, kernel messages
are GONE!!!! and the cache is responding VERY VERY FAST!

Thank you very much for your assistance..

Marc Elsen wrote:

>>>>Marc Elsen wrote:
>>>>
>>>>>Francisco Obispo wrote:
>>>>>
>>>>>
>>>>>>About the "kernel: NET: XX messages suppressed." I didn't find any other
>>>>>>related messages.. I think is due to heavy load ( > 4000 hosts).
>>>>>>
>>>>>Could be, did you look in /var/log/messages just above
>>>>>for each of those ...suppressed... lines ?
>>>>>
>>>>>
>>>>>
>>>>Yes ... but I never found any other "errors" from kernel... everything
>>>>looked normal..
>>>>...
>>>>
>>>
>>>Strange, you may also want to look the output of the :
>>>
>>># dmesg
>>>
>
>>Hi..
>>
>
>>I've checked dmesg and found this..
>>
>
>>TCP: drop open request from 150.187.68.9/4656
>>NET: 463 messages suppressed.
>>TCP: drop open request from 150.187.42.2/1458
>>NET: 597 messages suppressed.
>>TCP: drop open request from 150.187.12.2/37834
>>NET: 563 messages suppressed.
>>TCP: drop open request from 150.187.37.17/2418
>>NET: 476 messages suppressed.
>>TCP: drop open request from 150.188.6.101/4227
>>NET: 467 messages suppressed.
>>TCP: drop open request from 150.187.2.5/4080
>>NET: 554 messages suppressed.
>>TCP: drop open request from 150.187.68.9/1154
>>NET: 531 messages suppressed.
>>TCP: drop open request from 150.187.37.17/2657
>>NET: 454 messages suppressed.
>>TCP: drop open request from 150.187.42.2/2313
>>NET: 400 messages suppressed.
>>TCP: drop open request from 150.187.68.9/1331
>>NET: 522 messages suppressed.
>>TCP: drop open request from 150.187.108.3/3483
>>NET: 362 messages suppressed.
>>TCP: drop open request from 150.187.68.9/1381
>>NET: 495 messages suppressed.
>>TCP: drop open request from 150.187.54.5/4310
>>NET: 340 messages suppressed.
>>TCP: drop open request from 150.187.67.21/1610
>>NET: 447 messages suppressed.
>>TCP: drop open request from 150.187.8.30/1673
>>NET: 489 messages suppressed.
>>TCP: drop open request from 150.187.29.70/1531
>>
>
>>what should I do to avoid this problem?
>>
>
>>THanks..
>>
>
>
> It indicates that the rate at which your kernel is receiving requests
> for new tcp connections is way too high.
>
> The output is suspicious :
>
> Check :
>
> # netstat -a
>
> on your system, to see whether perhaps there are many tcp
> connections in a strange state, such as for instance SYN_RECV.
>
> In the worst case your system may be under SYN flood attacks,
> for instance.
>
> You can try enabling tcp_syncookies, in that case :
>
> echo "1" >/proc/sys/net/ipv4/tcp_syncookies
>
> M.
>
>
Received on Fri Jul 12 2002 - 07:46:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:13 MST