
Tuning Linux TCP for large number of TIME_WAIT

It looks like we have a bunch of TCP connections hanging around on a busy webserver. This is the output from ss -s:

Total: 366 (kernel 1037)
TCP:   72108 (estab 130, closed 71964, orphaned 0, synrecv 0, timewait 71962/0), ports 46158

Transport Total     IP        IPv6
*     1037      -         -
RAW   0         0         0
UDP   12        8         4
TCP   144       111       33
INET      156       119       37
FRAG      0         0         0

How do I best tune the TCP settings on this server to prevent problems/maximize performance? I have just recently increased net/ipv4/ip_local_port_range from the default to "1024 65000".

The TCP/IP stack on Linux is already very optimized and typically nothing is needed. For instance, setting the local port range to get a few extra ports is almost certainly not needed.

In terms of time/wait being bad, it is just part of using TCP. If you really want to have fewer ports in that state, change tcp_fin_timeout or tcp_keepalive values. Although you really shouldn't change those values unless you really need to for some reason.

In terms of running out of ports, each port is keyed on a source and destination port. You are likely not going to run out of source/destination pairs unless you are doing something like NAT.

In response to your comment about connections being dropped when using memcached: you can increase the # of worker threads and backlog queue length. The problem is more likely to be with memcached than the number of ports available.

  • -3
    • I'm sorry but this is cluttered by mistakes. First, getting 31k more local ports for socket establishment towards one IP:port couple per srcIP can't be called a few. Options tcp_keepalive and tcp_fin_timeout have nothing to do with TIMEWAIT state. "Each port is keyed on a source and destination port": I believe you mean IP, not port. And generally saying that the network side doesn't need configuration is completely wrong in the case of hosting. Much needs to be done, and that's the beauty of Linux to have so many options available for each use case directly exposed by the kernel.
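
Added example (not part of the thread and not any poster's code): the total from ss -s does not show whether ephemeral ports are at risk, so this sketch groups TIME_WAIT sockets by (local IP, peer IP, peer port) and derives the per-destination connection ceiling for the "1024 65000" range from the question. The sample rows and addresses are constructed, the function names are hypothetical, and it assumes no service listens inside the ephemeral range and relies on Linux's fixed 60 s TIME_WAIT lifetime.

```python
import re
from collections import Counter

TIME_WAIT_SECONDS = 60     # fixed TIME_WAIT lifetime on Linux (TCP_TIMEWAIT_LEN)
PORT_RANGE = "1024 65000"  # ip_local_port_range value from the question

# Constructed sample of `ss -tan state time-wait` output (documentation addresses).
SAMPLE = """\
Recv-Q Send-Q Local Address:Port Peer Address:Port
0      0      192.0.2.10:80      198.51.100.7:51514
0      0      192.0.2.10:80      198.51.100.9:40022
0      0      192.0.2.10:43210   192.0.2.20:11211
0      0      192.0.2.10:43211   192.0.2.20:11211
0      0      192.0.2.10:43212   192.0.2.20:11211
0      0      192.0.2.10:50001   192.0.2.30:3306
"""
ENDPOINT = re.compile(r"^(\S+):(\d+)$")  # addr:port, also matches [v6]:port

def bounds(port_range):
    """Parse an ip_local_port_range string into (low, high)."""
    low, high = (int(p) for p in port_range.split())
    return low, high

def outbound_time_wait(ss_output, port_range=PORT_RANGE):
    """Count TIME_WAIT sockets per (local IP, peer IP, peer port), keeping only
    those whose local port is in the ephemeral range. Assumes no service
    listens inside that range; port-80 rows in the sample use no ephemeral port."""
    low, high = bounds(port_range)
    per_dest = Counter()
    for line in ss_output.splitlines():
        ends = [m.groups() for m in map(ENDPOINT.match, line.split()) if m]
        if len(ends) != 2:
            continue  # header or malformed row
        (local_ip, local_port), (peer_ip, peer_port) = ends
        if low <= int(local_port) <= high:
            per_dest[(local_ip, peer_ip, int(peer_port))] += 1
    return per_dest

def max_connect_rate(port_range=PORT_RANGE):
    """New connections/s one source IP can sustain to one peer IP:port when
    every connection is closed locally and then waits out TIME_WAIT."""
    low, high = bounds(port_range)
    return (high - low + 1) / TIME_WAIT_SECONDS

if __name__ == "__main__":
    for dest, n in outbound_time_wait(SAMPLE).most_common():
        print(dest, n, "sockets in TIME_WAIT")
    print(f"ceiling: {max_connect_rate():.0f} conn/s per destination")
```

On a real host, feed the function the output of `ss -tan state time-wait` and compare the largest per-destination count with the size of the port range.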
