17 января 2013 г., 17:02 пользователь Eugene Berdnikov <[email protected]>написал:
> On Thu, Jan 17, 2013 at 03:51:24PM +0400, Алексей Малов wrote:
> > На всякий случай ??? SYNы до сервера точно доходят, снимал tcpdump, в
> нём они
> > видны.
> >
> > Подскажите, пожалуйста, что смотреть, куда копать, кто сталкивался?
>
> Покажите
>
> uname -r
>
2.6.32-5-xen-amd64
> sysctl -a | fgrep conn
>
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_established = 432000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_tcp_loose = 1
net.netfilter.nf_conntrack_tcp_be_liberal = 0
net.netfilter.nf_conntrack_tcp_max_retrans = 3
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 180
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_acct = 1
net.netfilter.nf_conntrack_events = 1
net.netfilter.nf_conntrack_events_retry_timeout = 15
net.netfilter.nf_conntrack_max = 262144
net.netfilter.nf_conntrack_count = 110193
net.netfilter.nf_conntrack_buckets = 16384
net.netfilter.nf_conntrack_checksum = 1
net.netfilter.nf_conntrack_log_invalid = 0
net.netfilter.nf_conntrack_expect_max = 256
net.core.somaxconn = 128000
net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
net.ipv4.netfilter.ip_conntrack_tcp_loose = 1
net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 0
net.ipv4.netfilter.ip_conntrack_tcp_max_retrans = 3
net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
net.ipv4.netfilter.ip_conntrack_max = 262144
net.ipv4.netfilter.ip_conntrack_count = 110194
net.ipv4.netfilter.ip_conntrack_buckets = 16384
net.ipv4.netfilter.ip_conntrack_checksum = 1
net.ipv4.netfilter.ip_conntrack_log_invalid = 0
net.nf_conntrack_max = 262144
> netstat -s
>
Ip:
3119343669 total packets received
0 forwarded
0 incoming packets discarded
3028454742 incoming packets delivered
2630438265 requests sent out
3569 reassemblies required
1781 packets reassembled ok
Icmp:
8651947 ICMP messages received
1 input ICMP message failed.
ICMP input histogram:
destination unreachable: 7835932
timeout in transit: 39249
source quenches: 3412
redirects: 29135
echo requests: 744219
744241 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 22
echo replies: 744219
IcmpMsg:
InType3: 7835932
InType4: 3412
InType5: 29135
InType8: 744219
InType11: 39249
OutType0: 744219
OutType3: 22
Tcp:
244221008 active connections openings
255861431 passive connection openings
2422694 failed connection attempts
2991031 connection resets received
6333 connections established
3013409053 segments received
2542822804 segments send out
80481281 segments retransmited
4 bad segments received.
15467264 resets sent
Udp:
6393718 packets received
22 packets to unknown port received.
0 packet receive errors
6395033 packets sent
UdpLite:
TcpExt:
4659815 SYN cookies sent
4307580 SYN cookies received
6757517 invalid SYN cookies received
1636944 resets received for embryonic SYN_RECV sockets
6977 ICMP packets dropped because they were out-of-window
2 ICMP packets dropped because socket was locked
76710245 TCP sockets finished time wait in fast timer
26624 time wait sockets recycled by time stamp
1809111 TCP sockets finished time wait in slow timer
803356 passive connections rejected because of time stamp
549936 packets rejects in established connections because of timestamp
12600738 delayed acks sent
2457 delayed acks further delayed because of locked socket
Quick ack mode was activated 7631422 times
520542 times the listen queue of a socket overflowed
520542 SYNs to LISTEN sockets dropped
291714 packets directly queued to recvmsg prequeue.
19175 bytes directly in process context from backlog
10575200 bytes directly received in process context from prequeue
326071585 packet headers predicted
42742 packets header predicted and directly queued to user
1172218082 acknowledgments not containing data payload received
49423928 predicted acknowledgments
15 times recovered from packet loss due to fast retransmit
5558 times recovered from packet loss by selective acknowledgements
3027 bad SACK blocks received
Detected reordering 11 times using FACK
Detected reordering 17 times using time stamp
38 congestion windows fully recovered without slow start
52 congestion windows partially recovered using Hoe heuristic
47762 congestion windows recovered without slow start by DSACK
7092122 congestion windows recovered without slow start after partial
ack
5011 TCP data loss events
TCPLostRetransmit: 21
398 timeouts after reno fast retransmit
571289 timeouts after SACK recovery
19617 timeouts in loss state
7080 fast retransmits
926 forward retransmits
257465 retransmits in slow start
30907042 other TCP timeouts
9 classic Reno fast retransmits failed
325 SACK retransmits failed
7669152 DSACKs sent for old packets
8474 DSACKs sent for out of order packets
18280092 DSACKs received
8484 DSACKs for out of order packets received
4 connections reset due to unexpected SYN
1908058 connections reset due to unexpected data
352724 connections reset due to early user close
7706846 connections aborted due to timeout
TCPSACKDiscard: 1364
TCPDSACKIgnoredOld: 2665472
TCPDSACKIgnoredNoUndo: 4662286
TCPSpuriousRTOs: 1519
TCPMD5Unexpected: 1
TCPSackShifted: 1837
TCPSackMerged: 7015
TCPSackShiftFallback: 894154
IpExt:
InOctets: -843552233
OutOctets: -355045659
> --
> Eugene Berdnikov
>
>
> --
> To UNSUBSCRIBE, email to [email protected]
> with a subject of "unsubscribe". Trouble? Contact
> [email protected]
> Archive: http://lists.debian.org/[email protected]
>
>
--
Alexey Malov
