I've been investigating some delays in my net connection recently and
have become aware of the std tcp timeouts set in sysctl by netfilter's
conntrack module.
Namely;
ip_conntrack_tcp_timeout_established 5 days
ip_conntrack_tcp_timeout_fin_wait 2 mins
ip_conntrack_tcp_timeout_max_retrans 300
ip_conntrack_tcp_timeout_syn_sent 2 mins
ip_conntrack_tcp_timeout_time_wait 2 mins
And it strikes me that these appear to be considerably long given the
present day state of connectivity and general speed of connections.
Especially, the 5 day timeout on an established connection. Isn't that
just a recipe for leaving a no longer wanted connection open well beyond
its desirable lifespan?
Can anyone offer up some form of opinion as to why I shouldn't reduce
these values a bit (especially the established timeout) pls?
For example;
ip_conntrack_tcp_timeout_established 1 day
ip_conntrack_tcp_timeout_fin_wait 2 mins (might leave this, or possible to end up with unnecessary "established" conns waiting for timeout)
ip_conntrack_tcp_timeout_max_retrans 300 (Can see why this might be set high, but question its genuine necessity)
ip_conntrack_tcp_timeout_syn_sent 1 min
ip_conntrack_tcp_timeout_time_wait 1 min
Am I about to completely screw things up by doing this?
--
------------------------------------------------------------------------
Kind Regards
Kyle