From: Mel
To: freebsd-questions@freebsd.org
Date: Thu, 4 Oct 2007 17:37:22 +0200
Subject: Re: Networking overloaded (WAS: Re: confirm 3454f2d8611cde291b81fa177d2434593f5e6d36)
In-Reply-To: <20071004120323.GA26979@tropic.org.uk>
Message-Id: <200710041737.23480.fbsd.questions@rachie.is-a-geek.net>

Hiya,

On Thursday 04 October 2007 14:03:23 edward.serrofq@tropic.org.uk wrote:
> I have a 5.3 installation which currently has about 5000 'ESTABLISHED' TCP
> connections. That figure quadruples in the evening.
>
> Are there any sysctls that I should be tweaking to handle lots of TCP
> connections?

2 things are key to answering first:
1) Are these valid/wanted connections?
I assume if this is caused by your ftp server being filled with PSX
downloads, because your anon user has write privileges, you don't want to
increase your connection possibilities.
2) Do you have memory free at top load?
If you don't have (a lot of) spare memory at connection peak, adding the
ability for more connections will simply slow down your machine and possibly
lock it up.

> The machine is running pf -- is there some logging I could be doing to see
> if pf is being overloaded?

Unless you're using synproxy states, pf doesn't create connections - at best
rewrites them. In your case, using synproxy states might actually be a
benefit, depending what's causing the high load. Also, is this a firewall
only or does it have locally generated traffic?

> Is there anything else I could be doing to see if some part of the OS is
> failing to handle load?

It would help if you describe what's running on the machine, most notably,
are these connections to one or more servers running on your machine or is
your bittorrent client going bonkers, that kinda thing.
sockstat(1) is a very useful tool for identifying that. Better save the
output to file first with a load like that, for example:

    sockstat -4c > /tmp/net.load

will list all the connected IPv4 sockets to file /tmp/net.load.

--
Mel
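
Added example, not part of the original message: a small sh/awk summary of a saved `sockstat -4c` capture such as /tmp/net.load, showing which local service and which remote hosts account for the TCP connections. It assumes the usual sockstat column layout (USER COMMAND PID FD PROTO LOCAL FOREIGN); the function names and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a saved `sockstat -4c` capture.
# Assumed column layout: USER COMMAND PID FD PROTO LOCAL-ADDR FOREIGN-ADDR
# Usage: sh netload.sh /tmp/net.load   (no argument: uses the sample below)

# Constructed sample capture (documentation addresses only).
sample_capture() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      812   3  tcp4   192.0.2.10:80         198.51.100.7:51234
www      httpd      812   4  tcp4   192.0.2.10:80         198.51.100.7:51240
www      httpd      813   3  tcp4   192.0.2.10:80         203.0.113.9:40022
ftp      ftpd       990   0  tcp4   192.0.2.10:21         203.0.113.9:40100
ftp      ftpd       991   0  tcp4   192.0.2.10:21         203.0.113.44:1033
ftp      ftpd       992   0  tcp4   192.0.2.10:21         203.0.113.44:1034
ftp      ftpd       993   0  tcp4   192.0.2.10:21         203.0.113.44:1035
ftp      ftpd       994   0  tcp4   192.0.2.10:21         203.0.113.44:1036
root     sshd       700   5  tcp4   192.0.2.10:22         198.51.100.7:60000
EOF
}

# Connections per "command:local-port", busiest first.
# The header line is skipped because its PROTO column does not start with tcp.
by_service() {
    awk '$5 ~ /^tcp/ && NF >= 7 {
             n = split($6, l, ":")      # last piece of LOCAL-ADDR is the port
             c[$2 ":" l[n]]++
         }
         END { for (k in c) print c[k], k }' | sort -k1,1nr -k2,2
}

# Remote hosts holding the most connections; $1 = how many to show (default 10).
by_peer() {
    awk '$5 ~ /^tcp/ && NF >= 7 {
             p = $7
             sub(/:[^:]*$/, "", p)      # strip the remote port
             c[p]++
         }
         END { for (k in c) print c[k], k }' | sort -k1,1nr -k2,2 |
        head -n "${1:-10}"
}

# Read the capture file named on the command line, else the sample.
capture="${1:-}"
src() { if [ -r "$capture" ]; then cat "$capture"; else sample_capture; fi; }

echo "== connections per command:local-port =="
src | by_service
echo "== top remote hosts =="
src | by_peer 5
```

One service or a handful of remote hosts dominating the counts bears on the first question above (valid/wanted connections) before any limits are raised.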