From owner-freebsd-hackers Thu May 8 11:30:44 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id LAA11891 for hackers-outgoing; Thu, 8 May 1997 11:30:44 -0700 (PDT)
Received: from mh1.cts.com (root@mh1.cts.com [205.163.24.66]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA11886 for ; Thu, 8 May 1997 11:30:42 -0700 (PDT)
Received: from engineering ([204.94.95.22]) by mh1.cts.com (8.8.5/8.8.5) with SMTP id LAA00734 for ; Thu, 8 May 1997 11:30:41 -0700 (PDT)
Message-Id: <3.0.1.32.19970508112931.0094b570@mail.websidestory.com>
X-Sender: garrett@mail.websidestory.com
X-Mailer: Windows Eudora Light Version 3.0.1 (32)
Date: Thu, 08 May 1997 11:29:31 -0700
To: hackers@FreeBSD.ORG
From: Garrett Casey
Subject: SYN_RCVD problem
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Hey all,

I am currently doing some work with a company called WebSideStory, Inc. They have 8 machines with FreeBSD 2.1.7 (at least a majority do). They are web servers running the current version of Apache. All are 200mhz Pentium Pros with 128mg ram with, I believe, Intel PCI ethernet.

Currently, these 8 machines are getting 19,000,000+ httpd requests to cgi scripts A DAY - pushing out 20gb+ of bandwidth. We have requests to these servers coming from basically every possible route on the Internet. If there are some strange routing anomalies - our SYN_RCVDs skyrocket!

Lately, on all the machines I have been running netstat -an | grep SYN | wc -l and during stress times get 180-193, which of course means that there are so many SYN_RCVD waiting that no one can get to servers.

Question: Is there a way to make the SYN_RCVD time out quicker? What if I change some of the settings in tcp_timer.h? Is there something I can do to help prevent this problem in the future? Can I increase the SYN_RCVD max (isn't it at about 200)?

Any suggestions to this problem would be greatly appreciated.

-Garrett
garrett@websidestory.com
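
An added example, not part of the original message: the `netstat -an | grep SYN | wc -l` count above also matches outbound `SYN_SENT` sockets and lumps every listener together, so this sketch counts only `SYN_RCVD` entries and breaks them down by local port and by remote host. It assumes BSD-style `netstat -an` columns (address and port joined by a dot); the function names, the sample lines and the limit passed to `over_limit` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in BSD `netstat -an` TCP layout:
# proto, recv-q, send-q, local address, foreign address, state.
# Addresses are documentation-range placeholders.
sample_netstat() {
cat <<'EOF'
tcp        0      0  192.0.2.10.80     198.51.100.7.1042   SYN_RCVD
tcp        0      0  192.0.2.10.80     198.51.100.7.1043   SYN_RCVD
tcp        0      0  192.0.2.10.80     203.0.113.9.2210    SYN_RCVD
tcp        0      0  192.0.2.10.80     203.0.113.44.3391   ESTABLISHED
tcp        0      0  192.0.2.10.4021   203.0.113.80.25     SYN_SENT
tcp        0      0  192.0.2.10.8080   198.51.100.7.1050   SYN_RCVD
tcp        0      0  *.80              *.*                 LISTEN
EOF
}

# Half-open connections per local port: "<port> <count>", sorted by port.
# Matching the state column exactly keeps SYN_SENT out of the count.
syn_rcvd_by_port() {
    awk '$1 ~ /^tcp/ && $NF == "SYN_RCVD" {
             p = $4; sub(/^.*\./, "", p)   # keep text after the last dot
             c[p]++
         }
         END { for (p in c) print p, c[p] }' | sort -n
}

# Half-open connections per remote host: "<count> <host>", busiest first.
# Many hosts with a few entries each points at slow or broken return
# paths; one host holding most of the queue points at a single source.
syn_rcvd_by_peer() {
    awk '$1 ~ /^tcp/ && $NF == "SYN_RCVD" {
             h = $5; sub(/\.[0-9]+$/, "", h)   # strip the remote port
             c[h]++
         }
         END { for (h in c) print c[h], h }' | sort -rn
}

# Print the local ports whose SYN_RCVD count has reached the limit in $1.
# The limit is supplied by the caller; no kernel default is assumed.
over_limit() {
    syn_rcvd_by_port | awk -v lim="$1" '$2 >= lim { print $1 }'
}
```

On a live host the same functions read real data, for example `netstat -an | syn_rcvd_by_port`, which can be run periodically to see which listener's queue fills first.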