From: "David Schwartz"
To: "FreeBSD STABLE"
Date: Sat, 22 May 2004 19:57:19 -0700
Subject: RE: Which resource am I running out of here?

> Another suggested I was running out of ephemeral ports:

You almost certainly are.

> $ sysctl -a | grep portrange
> net.inet.ip.portrange.lowfirst: 1023
> net.inet.ip.portrange.lowlast: 600
> net.inet.ip.portrange.first: 1024
> net.inet.ip.portrange.last: 5000
> net.inet.ip.portrange.hifirst: 49152
> net.inet.ip.portrange.hilast: 65535
>
> If my application is using first -> last then I can this would be
> quite likely: I'm opening over 4000 TCP connections at once. But I
> thought it used hifirst -> hilast.

How does your application bind? Does it choose the port itself (it should!) or just bind to port zero and *hope* the kernel does the right thing under highly specialized conditions?

> I also increased kern.ipc.somaxconn from 128 to 1024 but this did
> not appear to help. Are there any other resource limits which
> people think I should be changing? The connections are very
> short-lived, perhaps no more than 30 seconds each, and hardly any
> data goes over them.

You should not use TCP for this. You'll clutter the system with the overhead of managing the dying connections.

> Okay, while writing this email I used lsof to see what TCP
> connections my app had. They do all seem to have source ports within
> the first -> last range.

Fix your application!

> $ sudo sysctl net.inet.ip.portrange.last=20000
> net.inet.ip.portrange.last: 5000 -> 20000
>
> seem to have removed my problem. Thanks!

Really, you should just fix the application. It's unreasonable to expect the kernel to do the right thing when you have an exceptional situation. Pick your own ports, and if they're in use, try another. If you want, you can probe for 'hifirst' and 'hilast' and pick a port between those two.

DS
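
The advice in the reply above (pick your own port, try another if it is in use, optionally probing 'hifirst' and 'hilast'), sketched in C as an added example that is not part of the original message. `high_port_range` and `bind_in_range` are hypothetical helper names, and the fallback range assumes the hifirst/hilast values quoted in the thread.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#ifdef __FreeBSD__
#include <sys/sysctl.h>
#endif

/* Probe hifirst/hilast on FreeBSD; elsewhere assume the values from the thread. */
static void high_port_range(int *first, int *last)
{
    *first = 49152; *last = 65535;
#ifdef __FreeBSD__
    int v; size_t len = sizeof v;
    if (sysctlbyname("net.inet.ip.portrange.hifirst", &v, &len, NULL, 0) == 0)
        *first = v;
    len = sizeof v;
    if (sysctlbyname("net.inet.ip.portrange.hilast", &v, &len, NULL, 0) == 0)
        *last = v;
#endif
}

/* Bind fd to a port in [first,last], walking on from a rand() start when a port is in use. */
static int bind_in_range(int fd, int first, int last)
{
    int span = last - first + 1;
    if (span <= 0) { errno = EINVAL; return -1; }
    int start = rand() % span;           /* only spreads out the starting point */
    for (int i = 0; i < span; i++) {
        struct sockaddr_in sa = { .sin_family = AF_INET };  /* sin_addr 0 = INADDR_ANY */
        sa.sin_port = htons((unsigned short)(first + (start + i) % span));
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0)
            return ntohs(sa.sin_port);   /* caller can now connect() from this port */
        if (errno != EADDRINUSE) return -1;   /* real error: stop, errno is set */
    }
    errno = EADDRNOTAVAIL;               /* every port in the range was taken */
    return -1;
}

int main(void)
{
    int first, last, fd = socket(AF_INET, SOCK_STREAM, 0);
    high_port_range(&first, &last);
    printf("bound local port %d\n", bind_in_range(fd, first, last));
    return 0;
}
```

Call `bind_in_range()` on each outgoing socket before `connect()`; a return of -1 with `errno` set to `EADDRNOTAVAIL` means the whole range is occupied, which the application can handle by backing off instead of failing unpredictably.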