GitHub user pbchou opened an issue:
https://github.com/apache/trafficserver/issues/1304
ATS 6.1.1 -- Found some orphaned connections after sending 403-response to
the client.
We have ATS 6.1.1 (running under Linux RH72) configured as a reverse proxy.
If the client requests a URL that is not defined with a rule in remap.config,
then we send a 403 forbidden back to the client and close the connection. This
normally works, but we found after several weeks (and thousands of 403's sent)
that there are a handful of connections that show up as ESTABLISHED in netstat,
but they do not appear to be managed any longer by ATS.
First, we monitored using tcpdump to confirm that there was no activity on
these connections for about an hour. Second, we removed the cache from
production and dynamically turned on debug for the net_queue tag using
traffic_ctl, and even when the queue sizes were zero the established
connections persisted. So these seem to be orphaned connections not policed by
inactivity_cop (time-out set for 300 seconds). We confirmed in our ATS log
files that ATS had previously sent completed 403 responses on these connections
(matched by client IP and source port) from days up to weeks back.
Any ideas? Also, does or can ATS make use of the socket TCP level time-outs
(setsockopt ... SO_KEEPALIVE)?
----
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
