Date: Sat, 2 Feb 2013 17:20:19 -0700 (MST) From: Warren Block <wblock@wonkity.com> To: freebsd-doc@freebsd.org, edward@rdtan.net Subject: Re: [RFC] Q&A propose to add into FAQ Message-ID: <alpine.BSF.2.00.1302021715180.16715@lightning.wonkity.com>
index | next in thread | raw e-mail
> Q8: This server of mine is a public DNS and it seems to be rejecting > connections because of too many TCP connections with "TIME_WAIT" status > (from "netstat -an"). How can I reduce the timeout? > A8: In short, tune the sysctl value "net.inet.tcp.msl" to something > modern and acceptable, such as 7500. > In detail, the default timeout value for TIME_WAIT status is set to 60 > seconds. This value is based on RFC 793. Since this RFC is drafted in > year 1981, equipments & bandwidth of that time wasn't as fast as what we > have now. A 60 seconds of waiting, for TCP session to terminate is a > long time. For a busy server opening & closing TCP connections, this > value should set to a fairly short time, such as 15 seconds. > The value of "net.inet.tcp.msl" is not the usual "literal" seconds > though. In order to reduce from the default 60 seconds to 15 seconds, > convert it to milliseconds and then divide it by 2. For example, > when 15 seconds is converted to 15,000 milliseconds, it then should > divide by 2, which sums up as "7500". This will be the value for > "net.inet.tcp.msl". > Q9: I just updated /etc/newsyslog.conf. How do I check for syntax error? > A9: Use the parameter "-nvv" when executing "newsyslog". For example, > "newsyslog -nvv" would tell what are each of the lines in > /etc/newsyslog.conf would do when the time comes. While these are helpful, they are not frequently asked. They would be better suited to the Configuration and Tuning chapter of the Handbook.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1302021715180.16715>