Date: Wed, 15 Sep 2010 16:23:47 +0200 From: Gareth de Vaux <bsd@lordcow.org> To: stable@freebsd.org Cc: luigi@freebsd.org, Jeremy Chadwick <freebsd@jdc.parodius.com> Subject: Re: ipfw: Too many dynamic rules Message-ID: <20100915142347.GA76805@lordcow.org> In-Reply-To: <20100914115438.GA61728@lordcow.org> References: <20100909153902.GA28341@lordcow.org> <20100909162009.GA80375@icarus.home.lan> <20100910114908.GA55978@lordcow.org> <20100914103657.GA57521@lordcow.org> <20100914110302.GA84971@icarus.home.lan> <20100914111200.GA59889@lordcow.org> <20100914113053.GA19053@icarus.home.lan> <20100914115438.GA61728@lordcow.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue 2010-09-14 (13:54), Gareth de Vaux wrote: > On Tue 2010-09-14 (04:30), Jeremy Chadwick wrote: > > Regarding net.inet.tcp.finwait2_timeout=15000 -- you don't see any > > improvement at all? That's a bit strange. There's probably something > > If there was an improvement it was subtle (I was doing sporadic > measurements), just that in the end my firewall was getting overloaded > either way. Yeah looks like a bit of an improvement but I also wasn't controlling for end user usage so can't say for sure without rerunning. Setting net.inet.tcp.fast_finwait2_recycle=1 though seems to have done the trick, thanx. This is now typical: $ netstat -n | grep -c FIN_WAIT_2 5 and my server still seems to be serving.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100915142347.GA76805>