Large numbers of Limiting open port RST response from 6 to 5 packets/sec

[roy lee]

this is  a web server,use nginx, Large numbers of Limiting
open port RST response from 6 to 5 packets/sec.

I need help.

dmesg：
Limiting open port RST response from 11 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
Limiting open port RST response from 8 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
Limiting open port RST response from 8 to 5 packets/sec
Limiting open port RST response from 7 to 5 packets/sec
Limiting open port RST response from 7 to 5 packets/sec
Limiting open port RST response from 14 to 5 packets/sec
Limiting open port RST response from 11 to 5 packets/sec
Limiting open port RST response from 9 to 5 packets/sec
Limiting open port RST response from 12 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
...

uname -a
FreeBSD qz14253.tmdxy.org 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Mar
8 20:41:05 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/
qz2kernel  i386

nginx.conf:

user  www www;

worker_processes  5;

pid /var/run/nginx.pid;

error_log  /var/log/www/error.log warn;

events {


   worker_connections  10240;


   use kqueue;


}

http {


   include   mime.types;


   default_type  application/octet-stream;





   log_format  main  '$remote_addr - $remote_user [$time_local] $request '


 '$status $body_bytes_sent $http_referer '


 '$http_user_agent $http_x_forwarded_for';

   sendfileon;
   #tcp_nopush on;
   #keepalive_timeout  0;
   keepalive_timeout  65;
   #gzip  on;
   includewebsite.conf;
}


sysctl.conf:
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.tcp.msl=2500
net.inet.icmp.icmplim=5
kern.ipc.somaxconn=32768
kern.ipc.shmall=32768
kern.ipc.shmmax=134217728
kern.ipc.semmap=256

loader.conf:
autoboot_delay=3
kern.maxfiles=32768
kern.ipc.semmni=256
kern.ipc.semmns=512
kern.ipc.semmnu=256
kern.ipc.nmbclusters=32768

netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}':
FIN_WAIT_1 634
FIN_WAIT_2 2192
LAST_ACK 52
CLOSING 1
SYN_RCVD 10
TIME_WAIT 16
ESTABLISHED 2959

netstat -m:
484/2336/2820 mbufs in use (current/cache/total)
105/965/1070/32768 mbuf clusters in use (current/cache/total/max)
105/919 mbuf+clusters out of packet secondary zone in use (current/
cache)
0/65/65/12800 4k (page size) jumbo clusters in use (current/cache/
total/max)
0/0/0/6400 9k jumbo clusters in use (current/cache/total/max)
0/0/0/3200 16k jumbo clusters in use (current/cache/total/max)
331K/2774K/3105K bytes allocated to network (current/cache/total)
0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
104/175/6656 sfbufs in use (current/peak/max)
0 requests for sfbufs denied
0 requests for sfbufs delayed
401 requests for I/O initiated by sendfile
0 calls to protocol drain routines

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Large numbers of Limiting open port RST response from 6 to 5 packets/sec

[Manolis Kiagias]

roy lee wrote:

this is  a web server,use nginx, Large numbers of Limiting
open port RST response from 6 to 5 packets/sec.

I need help.

dmesg：
Limiting open port RST response from 11 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
Limiting open port RST response from 8 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
Limiting open port RST response from 8 to 5 packets/sec
Limiting open port RST response from 7 to 5 packets/sec
Limiting open port RST response from 7 to 5 packets/sec
Limiting open port RST response from 14 to 5 packets/sec
Limiting open port RST response from 11 to 5 packets/sec
Limiting open port RST response from 9 to 5 packets/sec
Limiting open port RST response from 12 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
...

uname -a
FreeBSD qz14253.tmdxy.org 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Mar
8 20:41:05 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/
qz2kernel  i386

SNIP

sysctl.conf:
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.tcp.msl=2500
net.inet.icmp.icmplim=5
kern.ipc.somaxconn=32768
kern.ipc.shmall=32768
kern.ipc.shmmax=134217728
kern.ipc.semmap=256

SNIP
ICMP packets are rate-limited by the kernel, but you limited them even 
more with this:


net.inet.icmp.icmplim=5

This is the cause of your messages. Adjust it to about 500.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Large numbers of Limiting open port RST response from 6 to 5 packets/sec

[roy lee]

Manolis Kiagias 写道:



roy lee wrote:

this is  a web server,use nginx, Large numbers of Limiting
open port RST response from 6 to 5 packets/sec.

I need help.

dmesg：
Limiting open port RST response from 11 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
Limiting open port RST response from 8 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
Limiting open port RST response from 8 to 5 packets/sec
Limiting open port RST response from 7 to 5 packets/sec
Limiting open port RST response from 7 to 5 packets/sec
Limiting open port RST response from 14 to 5 packets/sec
Limiting open port RST response from 11 to 5 packets/sec
Limiting open port RST response from 9 to 5 packets/sec
Limiting open port RST response from 12 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
...

uname -a
FreeBSD qz14253.tmdxy.org 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Mar
8 20:41:05 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/
qz2kernel  i386

SNIP

sysctl.conf:
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.tcp.msl=2500
net.inet.icmp.icmplim=5
kern.ipc.somaxconn=32768
kern.ipc.shmall=32768
kern.ipc.shmmax=134217728
kern.ipc.semmap=256

SNIP
ICMP packets are rate-limited by the kernel, but you limited them even 
more with this:


net.inet.icmp.icmplim=5

This is the cause of your messages. Adjust it to about 500.



if sysctl net.inet.icmp.icmplim=500 ， the services will stop，
twisted log : writev() failed (32: Broken pipe) while sending request to 
upstream

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Large numbers of Limiting open port RST response from 6 to 5 packets/sec

[Manolis Kiagias]

roy lee wrote:

Manolis Kiagias 写道:



roy lee wrote:

this is  a web server,use nginx, Large numbers of Limiting
open port RST response from 6 to 5 packets/sec.

I need help.

dmesg：
Limiting open port RST response from 11 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
Limiting open port RST response from 8 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
Limiting open port RST response from 8 to 5 packets/sec
Limiting open port RST response from 7 to 5 packets/sec
Limiting open port RST response from 7 to 5 packets/sec
Limiting open port RST response from 14 to 5 packets/sec
Limiting open port RST response from 11 to 5 packets/sec
Limiting open port RST response from 9 to 5 packets/sec
Limiting open port RST response from 12 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
...

uname -a
FreeBSD qz14253.tmdxy.org 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Mar
8 20:41:05 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/
qz2kernel  i386

SNIP

sysctl.conf:
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.tcp.msl=2500
net.inet.icmp.icmplim=5
kern.ipc.somaxconn=32768
kern.ipc.shmall=32768
kern.ipc.shmmax=134217728
kern.ipc.semmap=256

SNIP
ICMP packets are rate-limited by the kernel, but you limited them 
even more with this:


net.inet.icmp.icmplim=5

This is the cause of your messages. Adjust it to about 500.



if sysctl net.inet.icmp.icmplim=500 ， the services will stop，
twisted log : writev() failed (32: Broken pipe) while sending request 
to upstream
This is weird. We use 500 on a production web server (large torrent 
site). Kernel default is 200, you may wish to use this value.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Large numbers of Limiting open port RST response from 6 to 5 packets/sec

[roy lee]

Manolis Kiagias 写道:

roy lee wrote:

Manolis Kiagias 写道:



roy lee wrote:

this is  a web server,use nginx, Large numbers of Limiting
open port RST response from 6 to 5 packets/sec.

I need help.

dmesg：
Limiting open port RST response from 11 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
Limiting open port RST response from 8 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
Limiting open port RST response from 8 to 5 packets/sec
Limiting open port RST response from 7 to 5 packets/sec
Limiting open port RST response from 7 to 5 packets/sec
Limiting open port RST response from 14 to 5 packets/sec
Limiting open port RST response from 11 to 5 packets/sec
Limiting open port RST response from 9 to 5 packets/sec
Limiting open port RST response from 12 to 5 packets/sec
Limiting open port RST response from 6 to 5 packets/sec
...

uname -a
FreeBSD qz14253.tmdxy.org 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Mar
8 20:41:05 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/
qz2kernel  i386

SNIP

sysctl.conf:
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.tcp.msl=2500
net.inet.icmp.icmplim=5
kern.ipc.somaxconn=32768
kern.ipc.shmall=32768
kern.ipc.shmmax=134217728
kern.ipc.semmap=256

SNIP
ICMP packets are rate-limited by the kernel, but you limited them 
even more with this:


net.inet.icmp.icmplim=5

This is the cause of your messages. Adjust it to about 500.



if sysctl net.inet.icmp.icmplim=500 ， the services will stop，
twisted log : writev() failed (32: Broken pipe) while sending request 
to upstream
This is weird. We use 500 on a production web server (large torrent 
site). Kernel default is 200, you may wish to use this value.




Revised to 200,At present normal,I will continue to follow.
thank you!
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]