Dropped connections with tcp_tw_recycle=1

Nils Goroll slink at schokola.de
Sun Sep 20 15:20:34 CEST 2009


> tcp_tw_recycle is incompatible with NAT on the server side

... because it will enforce the verification of TCP time stamps. Unless all 
clients behind a NAT (actually PAD/masquerading) device use identical timestamps 
(within a certain range), most of them will send invalid TCP timestamps so SYNs 
will get dropped.

This issue had also kept me busy for long hours and the basic insight is simple: 
Premature optimization is the root of all evil ;-), or, less philosophically, 
don't tune experimental parameters (the kernel docs are very clear about this!).

Nils
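
The following is an added example, not part of the message above and not kernel code. It is a simplified model of the per-address timestamp check described in the message, run against a constructed set of three hosts behind one NAT address. The names `peer_cache`, `syn_accepted` and `count_dropped`, the two constants, and the 1000 ticks/s clock rate are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TCP_PAWS_MSL    60u /* assumed: seconds a remembered timestamp stays valid */
#define TCP_PAWS_WINDOW 1   /* assumed: tolerated backwards step in TSval */

/* Hypothetical, simplified cache entry: one record per source IP address. */
struct peer_cache {
    uint32_t last_tsval; /* newest TSval remembered for this address */
    uint32_t stamp_secs; /* second at which it was remembered */
    int valid;
};

/* Returns 1 if the SYN is accepted, 0 if the timestamp check drops it. */
int syn_accepted(struct peer_cache *p, uint32_t now, uint32_t tsval, int recycle)
{
    if (recycle && p->valid && now - p->stamp_secs < TCP_PAWS_MSL &&
        (int32_t)(p->last_tsval - tsval) > TCP_PAWS_WINDOW)
        return 0; /* TSval went backwards for this address: looks like an old duplicate */
    p->last_tsval = tsval;
    p->stamp_secs = now;
    p->valid = 1;
    return 1;
}

/* Constructed sample: three hosts behind one NAT address, each with its own
 * timestamp clock, taking turns to send one SYN per second. */
int count_dropped(int recycle)
{
    static const uint32_t ts_base[3] = { 5000000u, 120000u, 4294900000u };
    struct peer_cache nat_addr = { 0, 0, 0 };
    int dropped = 0;
    for (uint32_t t = 0; t < 9; t++) {
        uint32_t tsval = ts_base[t % 3] + t * 1000u; /* 1000 ticks/s assumed */
        if (!syn_accepted(&nat_addr, 1000u + t, tsval, recycle))
            dropped++;
    }
    return dropped;
}

int main(void)
{
    printf("recycle=0: %d of 9 SYNs dropped\n", count_dropped(0));
    printf("recycle=1: %d of 9 SYNs dropped\n", count_dropped(1));
    return 0;
}
```

In this model only the host whose timestamp clock is furthest ahead keeps connecting; the other two are refused until the remembered timestamp ages out.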



More information about the varnish-misc mailing list