Connections to backend not closing
abc at digithi.de
Sun Mar 14 12:30:34 CET 2010
just wanted to inform you that my problem is solved.
It turned out that the iptables conntection tracking module with the
following iptables rules
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
have eaten the last FIN and ACK packets. It seems that iptables declares
FIN, ACK packets as invalid if the TCP teardown takes too lang (> 180
Paul, Michael, Laurence...Thanks for your help!
Am 12.02.2010 11:53, schrieb Laurence Rowe:
> On 12 February 2010 00:12, Thimo E.<abc at digithi.de> wrote:
>> Hello Poul, hello Michael,
>> >The impact [of sockets in FIN_WAIT2] should be no more than a bit of RAM.
>> I disagree slightly :) The application which is waiting in FIN_WAIT2 has
>> allocated structures, threads which (may or may not) consume CPU time,
>> ... and last but not least the value of max opened sockets will be
>> reduced by those dead sockets.
>> And..as I wrote already..due to that many opened sockets my backend
>> stops responding because of "Too many open connections".
>> Situation after 2 days running varnish:
>> netstat -p:
>> 520 connections in FIN_WAIT2 state
>> 438 0.00 0.01 Backend conn. reuses
>> 547 0.00 0.01 Backend conn. was closed
>> 988 0.00 0.02 Backend conn. recycles
>>> If you look in varnishstat, does the number correlate to the
>>> "Backend Conn." activity counters in any way ?
>> Poul, the 547 closed backend connections are quite near to 520 FIN_WAIT2
>> Any suggestions ?
More information about the varnish-misc