I'm just coming back to let y'all know that we've progressed; there are actually two separate problems. The nolocaltimewait sysctl seems like a solution to the one I mentioned, but there's also another issue that I might have traced to nginx's end. Either way, it's clear now that the problem has nothing to do with Go, so I guess this is the wrong group for it. I'll post elsewhere if we get stuck again. Thanks to everyone for your replies.

On Wednesday, February 20, 2019 at 8:19:28 PM UTC-5, ohir wrote:
>
> On Tue, 19 Feb 2019 10:43:12 -0800 (PST)
> rlwes...@gmail.com wrote:
>
> > I did manage to put together a script using tcpdrop that could pick out
> > only the right connections to drop, but my code reviewer doesn't like the
> > solution; he wants to solve the problem from within Go rather than
> > hack our way around it.
>
> Even for someone without admin experience a quick search for TIME_WAIT
> might point that it is a known problem and that it is one that can not be
> dealt with just using (any) programming language on the application layer.
>
> A "reviewer" should have known that.
>
> The environment (server) needs to be tuned to its purpose.
> Talking FreeBSD -- pass to your admin (and reviewer) hints:
> "man sysctl", "net.inet.tcp.finwait2_timeout",
> "net.inet.tcp.fast_finwait2_recycle"
>
> There are more knobs to fiddle with, depending on expected production
> profile, but these two are most likely to help. Standard timeout is 60s,
> for most recent uses it can be tuned down to 20, 10 or even 5s.
>
> > and the connections are left in TIME_WAIT.
>
> That's how the tcp standard is since 1981 or so. Unless you have a control
> on **both** endpoints you have no way to change that (apart from tuning
> kernel to reap aggressively or use raw tools like tcpdrop). There are other
> tricks that can be implemented **by the admin/devop division** on the
> routing (pf) layer.
>
> PS IIRC for jailed environments there was a trick with
> "net.inet.tcp.nolocaltimewait"; then a forwarder set over the jail.
> Consult an experienced *BSD admin for more and possibly more recent hints.
>
> Hope this helps,
>
> --
> Wojciech S. Czarnecki
>  << ^oo^ >> OHIR-RIPE
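
Added example, not part of the original thread or any poster's code: a small Go program that tallies sockets per TCP state from FreeBSD `netstat -an -p tcp` output, split by whether both endpoints are on the same host, so you can see which state is accumulating before changing any of the sysctls named above. The sample output and the names `Key`, `host` and `Tally` are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in the layout of FreeBSD `netstat -an -p tcp` (addresses are made up).
const sample = `Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 127.0.0.1.8080         127.0.0.1.51234        TIME_WAIT
tcp4       0      0 127.0.0.1.8080         127.0.0.1.51235        TIME_WAIT
tcp4       0      0 10.0.0.5.8080          10.0.0.9.40022         FIN_WAIT_2
tcp4       0      0 10.0.0.5.443           192.0.2.7.61000        TIME_WAIT
tcp4       0      0 *.8080                 *.*                    LISTEN
`

// Key groups sockets by TCP state and by whether both ends are on this host.
type Key struct {
	State string
	Local bool
}

// host strips the trailing ".port" that FreeBSD netstat appends to addresses.
func host(addr string) string {
	if i := strings.LastIndex(addr, "."); i >= 0 {
		return addr[:i]
	}
	return addr
}

// Tally counts TCP sockets per Key, skipping headers and malformed lines.
func Tally(out string) map[Key]int {
	counts := make(map[Key]int)
	for _, line := range strings.Split(out, "\n") {
		f := strings.Fields(line)
		if len(f) != 6 || !strings.HasPrefix(f[0], "tcp") {
			continue
		}
		l, r := host(f[3]), host(f[4])
		// Same address on both sides (and not a wildcard listener) means a same-host connection.
		counts[Key{f[5], l == r && l != "*"}]++
	}
	return counts
}

func main() {
	fmt.Println(Tally(sample))
}
```

On a live host, feed `Tally` the real `netstat -an -p tcp` output instead of the constructed sample.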