Hi folks,

just wanted to inform you that my problem is solved.
It turned out that the iptables connection tracking module with the following iptables rules

iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP

have eaten the last FIN and ACK packets. It seems that iptables declares FIN, ACK packets as invalid if the TCP teardown takes too long (> 180 seconds).

Paul, Michael, Laurence...Thanks for your help!

Best regards
  Thimo E.

On 12.02.2010 11:53, Laurence Rowe wrote:
On 12 February 2010 00:12, Thimo E.<[email protected]>  wrote:
Hello Poul, hello Michael,

  >The impact [of sockets in FIN_WAIT2] should be no more than a bit of RAM.
I disagree slightly :) The application which is waiting in FIN_WAIT2 has
allocated structures, threads which (may or may not) consume CPU time,
... and last but not least the value of max opened sockets will be
reduced by those dead sockets.
And..as I wrote already..due to that many opened sockets my backend
stops responding because of "Too many open connections".


Situation after 2 days running varnish:

netstat -p:
520 connections in FIN_WAIT2 state

varnishstat:
...
          438         0.00         0.01 Backend conn. reuses
          547         0.00         0.01 Backend conn. was closed
          988         0.00         0.02 Backend conn. recycles
...

If you look in varnishstat, does the number correlate to the
"Backend Conn." activity counters in any way ?
Poul, the 547 closed backend connections are quite near to 520 FIN_WAIT2
connections.

Any suggestions ?



_______________________________________________
varnish-misc mailing list
[email protected]
http://lists.varnish-cache.org/mailman/listinfo/varnish-misc
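
Added example, not part of the original mail: one way to confirm that the two INVALID rules quoted at the top of this message are the ones discarding TCP teardown segments is to log such packets before they are dropped and count the ones carrying FIN per connection peer. The LOG rules and the "INVALID-DROP: " prefix are assumptions, and the log lines are constructed samples with documentation addresses.

```shell
#!/bin/sh
# Assumed LOG rules (not from the original mail), inserted ahead of the DROP rules:
#   iptables -I INPUT  -m state --state INVALID -j LOG --log-prefix "INVALID-DROP: "
#   iptables -I OUTPUT -m state --state INVALID -j LOG --log-prefix "INVALID-DROP: "

# Constructed sample kernel log lines in the LOG target's field layout.
sample_log() {
cat <<'EOF'
Feb 12 10:01:07 cache kernel: INVALID-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.20 LEN=52 TTL=64 ID=4711 DF PROTO=TCP SPT=51514 DPT=8080 WINDOW=46 RES=0x00 ACK FIN URGP=0
Feb 12 10:01:09 cache kernel: INVALID-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.20 LEN=52 TTL=64 ID=4712 DF PROTO=TCP SPT=51530 DPT=8080 WINDOW=46 RES=0x00 ACK FIN URGP=0
Feb 12 10:02:11 cache kernel: INVALID-DROP: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.10 LEN=52 TTL=64 ID=901 DF PROTO=TCP SPT=8080 DPT=51514 WINDOW=54 RES=0x00 ACK FIN URGP=0
Feb 12 10:02:40 cache kernel: INVALID-DROP: IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 LEN=40 TTL=61 ID=0 DF PROTO=TCP SPT=443 DPT=40112 WINDOW=0 RES=0x00 RST URGP=0
Feb 12 10:03:02 cache kernel: OTHER-RULE: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.10 LEN=52 TTL=64 ID=902 DF PROTO=TCP SPT=8080 DPT=51530 WINDOW=54 RES=0x00 ACK FIN URGP=0
EOF
}

# Print "count src -> dst:dport" for INVALID-tagged TCP packets that carry FIN,
# i.e. teardown segments the DROP rules would have discarded. Highest count first.
count_dropped_fin() {
    awk '
        /INVALID-DROP: / && /PROTO=TCP/ {
            src = ""; dst = ""; dpt = ""; fin = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)      src = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
                else if ($i == "FIN")  fin = 1   # TCP flags are logged as bare words
            }
            if (fin) n[src " -> " dst ":" dpt]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -rn
}

# Stand-alone run over the constructed sample; on a live host pipe the kernel log in instead.
sample_log | count_dropped_fin
```

A steady count of FIN entries towards the backend port, alongside a growing number of FIN_WAIT2 sockets in netstat, points at the INVALID rules rather than at the application.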
