Hiya,

On Thursday 04 October 2007 14:03:23 [EMAIL PROTECTED] wrote:
> I have a 5.3 installation which currently has about 5000 'ESTABLISHED' TCP
> connections. That figure quadruples in the evening.
>
> Are there any sysctls that I should be tweaking to handle lots of TCP
> connections?

2 things are key to answering first:
1) Are these valid/wanted connections? I assume if this is caused by your ftp
server being filled with PSX downloads, because your anon user has write
privileges, you don't want to increase your connection possibilities.
2) Do you have memory free at top load? If you don't have (a lot of) spare
memory at connection peak, adding the ability for more connections will
simply slow down your machine and possibly lock it up.

> The machine is running pf -- is there some logging I could be doing to see
> if pf is being overloaded?

Unless you're using synproxy states, pf doesn't create connections - at best
rewrites them. In your case, using synproxy states might actually be a
benefit, depending what's causing the high load. Also, is this a firewall
only or does it have locally generated traffic?

> Is there anything else I could be doing to see if some part of the OS is
> failing to handle load?

It would help if you describe what's running on the machine, most notably,
are these connections to one or more servers running on your machine or is
your bittorrent client going bonkers, that kinda thing.
sockstat(1) is a very useful tool for identifying that. Better save the
output to file first with a load like that, for example:
  sockstat -4c > /tmp/net.load
will list all the connected IPv4 sockets to file /tmp/net.load.

-- 
Mel
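
Added example, not part of the original message: one way to summarise the file saved by `sockstat -4c > /tmp/net.load`, counting connected TCP sockets per owning user/command and per remote host so that an unwanted source of connections stands out. The sample listing is constructed, the function names are hypothetical, and the column layout assumed is the FreeBSD sockstat header shown in the sample.

```shell
#!/bin/sh
# Added example: summarise a saved `sockstat -4c` listing.
# Assumed columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Constructed sample listing (documentation address ranges only).
sample_net_load() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      812   3  tcp4   192.0.2.10:80         198.51.100.7:51234
www      httpd      812   5  tcp4   192.0.2.10:80         198.51.100.7:51240
www      httpd      813   3  tcp4   192.0.2.10:80         203.0.113.9:40022
ftp      ftpd       990   0  tcp4   192.0.2.10:21         198.51.100.7:60001
root     sshd       1201  4  tcp4   192.0.2.10:22         203.0.113.50:53311
EOF
}

# Connected TCP sockets per owning user/command, busiest first.
# The header line is skipped because its PROTO column is not tcp*.
conns_by_command() {
    awk '$5 ~ /^tcp/ { n[$1 "/" $2]++ }
         END { for (k in n) print n[k], k }' "$1" | sort -k1,1nr -k2,2
}

# Connected TCP sockets per remote host (port stripped), busiest first.
conns_by_remote() {
    awk '$5 ~ /^tcp/ { h = $7; sub(/:[^:]*$/, "", h); n[h]++ }
         END { for (k in n) print n[k], k }' "$1" | sort -k1,1nr -k2,2
}

# Use the file given as $1, or fall back to the constructed sample.
load_file=${1:-}
tmp_file=
if [ -z "$load_file" ]; then
    tmp_file=$(mktemp)
    sample_net_load > "$tmp_file"
    load_file=$tmp_file
fi
echo "connections per user/command:"; conns_by_command "$load_file"
echo "connections per remote host:";  conns_by_remote "$load_file"
[ -z "$tmp_file" ] || rm -f "$tmp_file"
```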