Date: Thu, 29 May 2008 12:12:16 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: Robert Blayzor <rblayzor.bulk@inoc.net> Cc: freebsd-stable@freebsd.org Subject: Re: Sockets stuck in FIN_WAIT_1 Message-ID: <200805291912.m4TJCG56025525@apollo.backplane.com> References: <B42F9BDF-1E00-45FF-BD88-5A07B5B553DC@inoc.net> <1A19ABA2-61CD-4D92-A08D-5D9650D69768@mac.com> <23C02C8B-281A-4ABD-8144-3E25E36EDAB4@inoc.net> <483DE2E0.90003@FreeBSD.org> <B775700E-7494-42C1-A9B2-A600CE176ACB@inoc.net> <483E36CE.3060400@FreeBSD.org> <483E3C26.3060103@paradise.net.nz> <483E4657.9060906@FreeBSD.org> <483EA513.4070409@earthlink.net> <96AFE8D3-7EAC-4A4A-8EFF-35A5DCEC6426@inoc.net> <483EAED1.2050404@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I guess nobody mentioned the obvious thing to check: Make sure
TCP keepalive is turned on.
sysctl net.inet.tcp.always_keepalive=1
If you don't do this then dead TCP connections can build up, particularly
on busy servers, due to the other end simply disappearing.
Without this option the TCP protocol can get stuck, because it does not
usually send packets to the other end of an idle connection unless
(1) its window has closed completely or (2) it has unackncowledged data
or state pending. The keepalive forces a probe to occur every so often
on an idle connection (like once every 30min-2hrs, I forget what the
default is), to check that the connection still exists.
It is possible to get stuck during normal data operation and while in
a half-closed state. The 2MSL timeout does not activate until you
go into a fully closed state (FIN2/TIME_WAIT).
Pretty much if you are running any sort of service on the internet,
and even if you aren't, you need to make sure keepalive is turned on
for the long term health of your system.
-Matt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805291912.m4TJCG56025525>