Dropped connections with tcp_tw_recycle=1
slink at schokola.de
Sun Sep 20 15:20:34 CEST 2009
> tcp_tw_recycle is incompatible with NAT on the server side
... because it will enforce the verification of TCP time stamps. Unless all
clients behind a NAT (actually PAT/masquerading) device use identical timestamps
(within a certain range), most of them will send invalid TCP timestamps so SYNs
will get dropped.
This issue had also kept me busy for long hours and the basic insight is simple:
Premature optimization is the root of all evil ;-), or, less philosophically,
don't tune experimental parameters (the kernel docs are very clear about this!).
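
The timestamp check described in the message above, as an added example that is not part of the original post and is not kernel code: a small C model of a server keeping one timestamp record per source address, fed SYNs from two clients that share one masqueraded address. The constants follow the kernel's TCP_PAWS_MSL (60 s) and TCP_PAWS_WINDOW (1); `struct peer`, `struct syn`, `syn_accepted`, `count_dropped` and the sample values are hypothetical names and constructed data, and the model records the timestamp on accept rather than on connection close.

```c
#include <stdint.h>
#include <stdio.h>

#define TCP_PAWS_MSL    60 /* seconds a remembered timestamp is enforced */
#define TCP_PAWS_WINDOW 1  /* backwards step (in ticks) still tolerated */

/* One record per remote IP address (hypothetical struct for this model). */
struct peer { uint32_t tcp_ts, tcp_ts_stamp; int valid; };
struct syn  { uint32_t now, tsval; }; /* server clock (s), client TSval */

/* Returns 1 if the SYN is accepted, 0 if the timestamp check drops it. */
int syn_accepted(struct peer *p, uint32_t now, uint32_t tsval)
{
    if (p->valid && now - p->tcp_ts_stamp < TCP_PAWS_MSL &&
        (int32_t)(p->tcp_ts - tsval) > TCP_PAWS_WINDOW)
        return 0; /* TSval is older than the last one seen from this IP */
    /* Simplification: remember the timestamp on accept, not on close. */
    p->tcp_ts = tsval;
    p->tcp_ts_stamp = now;
    p->valid = 1;
    return 1;
}

/* Feeds n SYNs that all arrive from the same (NAT) source address. */
int count_dropped(const struct syn *s, int n)
{
    struct peer nat = {0};
    int dropped = 0;
    for (int i = 0; i < n; i++)
        if (!syn_accepted(&nat, s[i].now, s[i].tsval))
            dropped++;
    return dropped;
}

/* Constructed sample: client A has a long uptime (TSval near 5,000,000),
 * client B booted recently (TSval near 10,000); both are behind one NAT IP. */
static const struct syn sample[] = {
    {0, 5000000}, {5, 15000}, {10, 5010000}, {20, 30000},
    {75, 85000}, {80, 5080000}, {85, 95000},
};

int main(void)
{
    printf("%d of 7 SYNs dropped\n", count_dropped(sample, 7));
    return 0;
}
```

Client B only gets through once more than 60 seconds have passed since the last recorded timestamp, and is shut out again as soon as client A connects.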