Connections to backend not closing
Thimo E.
abc at digithi.de
Sun Mar 14 12:30:34 CET 2010
Hi folks,
just wanted to inform you that my problem is solved.
It turned out that the iptables conntection tracking module with the
following iptables rules
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
have eaten the last FIN and ACK packets. It seems that iptables declares
FIN, ACK packets as invalid if the TCP teardown takes too lang (> 180
seconds).
Paul, Michael, Laurence...Thanks for your help!
Best regards
Thimo E.
Am 12.02.2010 11:53, schrieb Laurence Rowe:
> On 12 February 2010 00:12, Thimo E.<abc at digithi.de> wrote:
>
>> Hello Poul, hello Michael,
>>
>> >The impact [of sockets in FIN_WAIT2] should be no more than a bit of RAM.
>> I disagree slightly :) The application which is waiting in FIN_WAIT2 has
>> allocated structures, threads which (may or may not) consume CPU time,
>> ... and last but not least the value of max opened sockets will be
>> reduced by those dead sockets.
>> And..as I wrote already..due to that many opened sockets my backend
>> stops responding because of "Too many open connections".
>>
>>
>> Situation after 2 days running varnish:
>>
>> netstat -p:
>> 520 connections in FIN_WAIT2 state
>>
>> varnishstat:
>> ...
>> 438 0.00 0.01 Backend conn. reuses
>> 547 0.00 0.01 Backend conn. was closed
>> 988 0.00 0.02 Backend conn. recycles
>> ...
>>
>>
>>> If you look in varnishstat, does the number correlate to the
>>> "Backend Conn." activity counters in any way ?
>>>
>> Poul, the 547 closed backend connections are quite near to 520 FIN_WAIT2
>> connections.
>>
>> Any suggestions ?
>>
>
More information about the varnish-misc
mailing list