On Fri, Mar 06, 2009 at 01:00:38PM -0800, Michael Fortson wrote:
> Thanks Willy -- here's the sysctl -a |grep ^net output:
> http://pastie.org/409735

After a quick check, I see two major things:
  - net.ipv4.tcp_max_syn_backlog = 1024
    => far too low, increase it to 10240 and check if it helps

  - net.netfilter.nf_conntrack_max = 265535
  - net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
    => this proves that netfilter is indeed running on this machine
       and might be responsible for session drops. 265k sessions is
       very low for the large time_wait. It limits to about 2k
       sessions/s, including local connections on loopback, etc...

You should then increase nf_conntrack_max and nf_conntrack_buckets
to about nf_conntrack_max/16, and reduce nf_conntrack_tcp_timeout_time_wait
to about 30 seconds.

> Our outbound cap is 400 Mb

OK so I think you're still far away from that.

Regards,
Willy
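
The arithmetic behind the "about 2k sessions/s" figure and the tuning advice above, as an added example (not part of the original message): it parses `sysctl` output and flags the three settings discussed. The function names, the `target_rate` parameter and the constructed sample text are assumptions; the thresholds 10240 and 30 seconds are the ones given in the message.

```python
import re

# Constructed sample in `sysctl -a | grep ^net` format, using the three
# values quoted in the message above.
SAMPLE = """\
net.ipv4.tcp_max_syn_backlog = 1024
net.netfilter.nf_conntrack_max = 265535
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
"""

def parse_sysctl(text):
    """Return {key: int} for every 'key = integer' line; skip anything else."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([\w.\-]+)\s*=\s*(\d+)\s*$", line)
        if m:
            out[m.group(1)] = int(m.group(2))
    return out

def conntrack_ceiling(max_entries, time_wait_s):
    """Sessions/s the table sustains if every entry lingers time_wait_s."""
    return max_entries // time_wait_s

def audit(text, target_rate, min_backlog=10240, time_wait_goal=30):
    """List findings for a host expected to handle target_rate sessions/s.
    target_rate is an assumed input; the message does not state one."""
    s = parse_sysctl(text)
    findings = []
    backlog = s.get("net.ipv4.tcp_max_syn_backlog")
    if backlog is not None and backlog < min_backlog:
        findings.append(f"tcp_max_syn_backlog={backlog}: raise to {min_backlog}")
    cmax = s.get("net.netfilter.nf_conntrack_max")
    tw = s.get("net.netfilter.nf_conntrack_tcp_timeout_time_wait")
    if cmax is None or tw is None:
        return findings  # conntrack keys absent: nothing more to check
    if tw > time_wait_goal:
        findings.append(f"time_wait timeout={tw}s caps the table at "
                        f"{conntrack_ceiling(cmax, tw)}/s: reduce to "
                        f"about {time_wait_goal}s")
    # Size the table for the target rate at the (reduced) timeout.
    need = target_rate * min(tw, time_wait_goal)
    if cmax < need:
        findings.append(f"nf_conntrack_max={cmax} < {need} needed for "
                        f"{target_rate}/s: raise it, and set "
                        f"nf_conntrack_buckets to about {need // 16}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, target_rate=10000):
        print(finding)
```

The ceiling counts every tracked connection, loopback included, so `target_rate` should be the total session rate the host sees, not only the proxied traffic.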

