Date: Mon, 24 Feb 2003 18:21:04 -0500 (EST) From: Charles Sprickman <spork@inch.com> To: freebsd-stable@freebsd.org Subject: LAST_ACK timeout Message-ID: <20030224181605.T29646@shell.inch.com>
next in thread | raw e-mail | index | archive | help
Hello, I recently ran into a situation on a large mail server where MSN.com had what looks to be problems with their load balancers. The end result of this was that we had almost 4,000 connections in "LAST_ACK" state which led to the box no longer being able to establish outgoing connections. It wasn't clear exactly what resource was being exhausted (wasn't mbufs, and nothing at all in the logs). I've looked at tcp(4), which lists most of the sysctl variables and boot loader variables, but I'm not seeing a place to set the timeout on this. Ideally I'd like to whack this down to no more than 15 minutes; I'd rather not tie up resources on broken/evil mxers. Under -stable is there a setting somewhere for this? As a quick solution, we've enabled ipf on this box and it tracks state on outgoing connections. IPF seems to be able to age these entries out, but that's just a temporary fix. Thanks, Charles -- Charles Sprickman spork@inch.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030224181605.T29646>