Wed 2003-07-16 at 18.33, ronny wrote:
> Peace to all,
> Now I made this netstat -n command on my caching server and got many
> SYN_RECV messages on port 3128 from most of our customer IPs, yet
> others have connection ESTABLISHED. How can I stop this? Is there a
> problem in our squid response to some requests?

This most likely indicates that there is some connection between Squid and your customers which is overloaded or performing badly. For example, if you have a lot of modem or other slow link users, in which case it is quite normal, as the customers' modems quite often are busy transferring data to the customer, causing delays on new connections.

TCP packet/state diagram:

  SYN -> SYN_RECV -> SYN+ACK
  ACK -> ESTABLISHED

From the above you can see that if it takes a long time to deliver the SYN+ACK packet to the client, or long for the client to deliver the ACK packet back, then you will have many visible sockets in SYN_RECV state.

Configuring RAS servers, routers etc. to not use a too large queue on slow links helps in reducing this delay, but comes at a price in TCP efficiency.

Having sockets in SYN_RECV state is usually no problem for modern operating systems, but you may want to enable SYN flood protection mechanisms such as SYNCOOKIES to be on the safe side in case there is a sudden surge of SYN_RECV sockets. If not, new connections cannot be made if the TCP backlog gets full with SYN_RECV sockets.

Regards
Henrik

--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions are only answered for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/
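
Added example, not part of the original message or of Squid: a shell sketch that summarises `netstat -n` output for the proxy port, counting SYN_RECV and ESTABLISHED sockets and distinct SYN_RECV sources, and checks the half-open count against a backlog size. The function names, the 75% threshold, the sample addresses and the Linux sysctl names in the comments are assumptions.

```shell
#!/bin/sh
# Constructed sample in the Linux `netstat -n` layout (documentation addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:3128         198.51.100.21:41022     SYN_RECV
tcp        0      0 192.0.2.10:3128         198.51.100.21:41023     SYN_RECV
tcp        0      0 192.0.2.10:3128         198.51.100.37:50311     SYN_RECV
tcp        0      0 192.0.2.10:3128         198.51.100.40:33100     ESTABLISHED
tcp        0      0 192.0.2.10:3128         198.51.100.37:50290     ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:60000       ESTABLISHED
EOF
}

# Usage: netstat -n | state_summary PORT
# Prints: SYN_RECV=<n> ESTABLISHED=<n> sources=<distinct SYN_RECV peers>
state_summary() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            n = split($4, a, /[:.]/)          # local address, port is last
            if (a[n] != port) next
            state[$6]++
            if ($6 == "SYN_RECV") {
                ip = $5; sub(/[:.][0-9]+$/, "", ip)   # drop the peer port
                if (!(ip in src)) { src[ip] = 1; nsrc++ }
            }
        }
        END { printf "SYN_RECV=%d ESTABLISHED=%d sources=%d\n",
                     state["SYN_RECV"], state["ESTABLISHED"], nsrc }'
}

# Usage: netstat -n | backlog_ok PORT BACKLOG [PERCENT]
# Succeeds while SYN_RECV sockets stay below PERCENT (default 75, an assumed
# threshold) of BACKLOG. On Linux the backlog size can be read with
# `sysctl -n net.ipv4.tcp_max_syn_backlog`, and SYN cookies are controlled by
# net.ipv4.tcp_syncookies.
backlog_ok() {
    n=$(state_summary "$1" | sed 's/^SYN_RECV=\([0-9]*\).*/\1/')
    [ $((n * 100)) -lt $(($2 * ${3:-75})) ]
}

sample_netstat | state_summary 3128
```

Many sources with a few SYN_RECV sockets each is the slow-link pattern described in the reply; the backlog check covers the case where the total approaches the point at which new connections can no longer be accepted.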
