>>>>> My web server's response time for http requests skyrockets every >>>>> weekday between about 9am and 5pm. I've gone over my munin graphs >>and >>>>> the only one that really correlates well with the slowdown is "TCP >>>>> Queuing". It looks like I normally have about 400 packets per >>second >>>>> graphed as "direct copy from queue" in munin throughout the day, >>but 2 >>>>> to 3.5 times that many are periodically graphed during work hours. >>I >>>>> don't see the same pattern at all from the graph of all traffic on >>my >>>>> network interface which actually peaks over the weekend. TCP >>Queuing >>>>> doesn't rise above 400 packets per second all weekend. This is >>>>> consistent week after week. >>>>> >>>>> My two employees come into work during the hours in question, and >>they >>>>> certainly make frequent requests of the web server while at work, >>but >>>>> if their volume of requests were the cause of the problem then that >>>>> would be reflected in the graph of web server requests but it is >>not. >>>>> I do run a small MTU on the systems at work due to the config of >>the >>>>> modem/router we have there. >>>>> >>>>> Is this a recognizable problem to anyone? >>>> >>>> >>>> I'm in the midst of this. Are there certain attacks I should check >>for? >>> >>> >>> It looks like the TCP Queuing spike itself was due to imapproxy which >>> I've now disabled. I'll post more info as I gather it. >> >> >>imapproxy was clearly affecting the TCP Queuing graph in munin but I >>still ended up with a massive TCP Queuing spike today and >>corresponding http response time issues long after I disabled >>imapproxy. Graph attached. I'm puzzled. >> >>- Grant > > Things to check for: > Torrent or other distributed downloads. > Download program with multiple download threads
There sure shouldn't be anything like that running either on the server or in the office. Is there a good way to find out? Maybe something that would clearly indicate it? > Maybe another proxy running? Esp. as you saw this also with imapproxy. nginx acts as a reverse proxy to apache2 but that's a pretty common config. Nothing else that I know of. - Grant