RE: [squid-users] Re: Server crashes from Lightfoot.Michael on 2002-11-26 (squid-users)

From: Lightfoot.Michael <Lightfoot.Michael@dont-contact.us>
Date: Wed, 27 Nov 2002 11:48:04 +1100

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Tuesday, 26 November 2002 10:15 PM
> To: Lightfoot.Michael
> Cc: Monah Baki; squid-users@squid-cache.org
> Subject: Re: [squid-users] Re: Server crashes

> Note: The TCP/IP standard REQUIRES TIME_WAIT to be at least
> 120 seconds. There usually is no good reasons to make this much lower.
>
Hmm, it's still a particularly stupid number on modern networks. It
makes much sense to set this rather than suffer hundreds or thousands of
connections sitting there waiting for Godot. :-) BTW, which RFC defines
this?

> What you should do is to increase the span of unbound TCP/IP
> ports used when applications make TCP connections if this is
> limited. I don't know what the default is for Solaris, but on
> many Linux versions this span is only about 4K ports which is
> not sufficient for high rate proxies..
>
Can't remember offhand but I seem to remember either 3000 or 4000 - and
I can't quickly find which obscure parameter to ndd is relevant. :-(

I originally had to set time_wait_interval on Solaris 2.6 when proxies
started to die once open connections (including ones in TIME_WAIT)
exceeded about 3000 (so my guess is that version of Solaris defaulted to
3000.)

> You should not have very many sockets in CLOSE_WAIT. If you
> have then there is most likely an application error.
> CLOSE_WAIT is seen when the remote end has closed the
> connection (or at least it's transmit channel) but the local
> application has not yet closed the connection. In the squid
> configuration the directive "half_closed_clients on/off" is
> related to CLOSE_WAIT sockets.
>
I simply included them as they represent one type of "stuck" half-closed
connection. I never see more than a couple ever (and usually none
thankfully.)

In any case the original enquirer is apparently running openBSD so my
advice was probably not useful. ;-)

Michael Lightfoot
Unix Consultant
ISG Host Systems
Comcare
+61 2 62750680
------------------------------------------------------------------------
NOTICE: This e-mail message and attachments may contain confidential
information. If you are not the intended recipient you should not use or
disclose any information in the message or attachments. If received in
error, please notify the sender by return email immediately. Comcare
does not waive any confidentiality or privilege.
Received on Tue Nov 26 2002 - 21:23:36 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:35 MST