From owner-freebsd-questions@FreeBSD.ORG  Sun Mar  9 10:00:09 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0F3E61065674
	for <freebsd-questions@freebsd.org>;
	Sun,  9 Mar 2008 10:00:09 +0000 (UTC)
	(envelope-from sonicy@otenet.gr)
Received: from kane.otenet.gr (kane.otenet.gr [195.170.0.77])
	by mx1.freebsd.org (Postfix) with ESMTP id 8CB018FC18
	for <freebsd-questions@freebsd.org>;
	Sun,  9 Mar 2008 10:00:08 +0000 (UTC)
	(envelope-from sonicy@otenet.gr)
Received: from [192.168.0.1] (athedsl-287704.home.otenet.gr [85.73.171.118])
	by kane.otenet.gr (8.13.8/8.13.8/Debian-3) with ESMTP id m29A06Pj025494;
	Sun, 9 Mar 2008 12:00:06 +0200
Message-ID: <47D3B52C.4040304@otenet.gr>
Date: Sun, 09 Mar 2008 12:00:12 +0200
From: Manolis Kiagias <sonicy@otenet.gr>
User-Agent: Thunderbird 2.0.0.12 (X11/20080227)
MIME-Version: 1.0
To: roy lee <dotyao@gmail.com>
References: <47D40943.5080802@gmail.com> <47D3ABD0.5090108@otenet.gr>
	<47D42247.103@gmail.com>
In-Reply-To: <47D42247.103@gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Cc: freebsd-questions@freebsd.org
Subject: Re: Large numbers of Limiting open port RST response from 6 to 5
 packets/sec
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Mar 2008 10:00:09 -0000

roy lee wrote:
> Manolis Kiagias 写道:
>>
>>
>> roy lee wrote:
>>> this is  a web server,use nginx, Large numbers of Limiting
>>> open port RST response from 6 to 5 packets/sec.
>>>
>>> I need help.
>>>
>>> dmesg：
>>> Limiting open port RST response from 11 to 5 packets/sec
>>> Limiting open port RST response from 6 to 5 packets/sec
>>> Limiting open port RST response from 8 to 5 packets/sec
>>> Limiting open port RST response from 6 to 5 packets/sec
>>> Limiting open port RST response from 8 to 5 packets/sec
>>> Limiting open port RST response from 7 to 5 packets/sec
>>> Limiting open port RST response from 7 to 5 packets/sec
>>> Limiting open port RST response from 14 to 5 packets/sec
>>> Limiting open port RST response from 11 to 5 packets/sec
>>> Limiting open port RST response from 9 to 5 packets/sec
>>> Limiting open port RST response from 12 to 5 packets/sec
>>> Limiting open port RST response from 6 to 5 packets/sec
>>> .......
>>>
>>> uname -a
>>> FreeBSD qz14253.tmdxy.org 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Mar
>>> 8 20:41:05 UTC 2008     roy@qz14253.tmdxy.org:/usr/obj/usr/src/sys/
>>> qz2kernel  i386
>>>
>>> <SNIP>
>>>
>>> sysctl.conf:
>>> net.inet.icmp.drop_redirect=1
>>> net.inet.icmp.log_redirect=1
>>> net.inet.tcp.msl=2500
>>> net.inet.icmp.icmplim=5
>>> kern.ipc.somaxconn=32768
>>> kern.ipc.shmall=32768
>>> kern.ipc.shmmax=134217728
>>> kern.ipc.semmap=256
>>>
>>> <SNIP>
>> ICMP packets are rate-limited by the kernel, but you limited them 
>> even more with this:
>>
>> net.inet.icmp.icmplim=5
>>
>> This is the cause of your messages. Adjust it to about 500.
>>
>>
> if sysctl net.inet.icmp.icmplim=500 ， the services will stop，
> twisted log : writev() failed (32: Broken pipe) while sending request 
> to upstream
This is weird. We use 500 on a production web server (large torrent 
site). Kernel default is 200, you may wish to use this value.