Connections to backend not closing

Thimo E. abc at digithi.de
Sun Mar 14 12:30:34 CET 2010


Hi folks,

just wanted to inform you that my problem is solved.
It turned out that the iptables connection tracking module with the 
following iptables rules

iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP

have eaten the last FIN and ACK packets. It seems that iptables declares 
FIN, ACK packets as invalid if the TCP teardown takes too long (> 180 
seconds).

Paul, Michael, Laurence...Thanks for your help!

Best regards
   Thimo E.

Am 12.02.2010 11:53, schrieb Laurence Rowe:
> On 12 February 2010 00:12, Thimo E.<abc at digithi.de>  wrote:
>    
>> Hello Poul, hello Michael,
>>
>>   >The impact [of sockets in FIN_WAIT2] should be no more than a bit of RAM.
>> I disagree slightly :) The application which is waiting in FIN_WAIT2 has
>> allocated structures, threads which (may or may not) consume CPU time,
>> ... and last but not least the value of max opened sockets will be
>> reduced by those dead sockets.
>> And..as I wrote already..due to that many opened sockets my backend
>> stops responding because of "Too many open connections".
>>
>>
>> Situation after 2 days running varnish:
>>
>> netstat -p:
>> 520 connections in FIN_WAIT2 state
>>
>> varnishstat:
>> ...
>>           438         0.00         0.01 Backend conn. reuses
>>           547         0.00         0.01 Backend conn. was closed
>>           988         0.00         0.02 Backend conn. recycles
>> ...
>>
>>      
>>> If you look in varnishstat, does the number correlate to the
>>> "Backend Conn." activity counters in any way ?
>>>        
>> Poul, the 547 closed backend connections are quite near to 520 FIN_WAIT2
>> connections.
>>
>> Any suggestions ?
>>      
>
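An added example, not part of the thread: one way to check this diagnosis is to log INVALID packets ahead of the DROP rule and count how many of them are FIN segments from the backend. The log prefix, host name, addresses and sample lines are constructed; the line layout is that of the iptables LOG target.

```python
import re
from collections import Counter

PREFIX = "INVALID-DROP: "   # hypothetical --log-prefix value
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# Constructed kernel log lines. Assumes a rule such as
#   iptables -I INPUT -m state --state INVALID -j LOG --log-prefix "INVALID-DROP: "
# was inserted ahead of the DROP rule quoted in the message above.
SAMPLE_LOG = """\
Mar 14 12:01:07 cache1 kernel: INVALID-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=10.0.0.20 DST=10.0.0.10 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=8080 DPT=41522 WINDOW=114 RES=0x00 ACK FIN URGP=0
Mar 14 12:01:09 cache1 kernel: eth0: link up
Mar 14 12:03:44 cache1 kernel: INVALID-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=10.0.0.20 DST=10.0.0.10 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=4890 DF PROTO=TCP SPT=8080 DPT=41610 WINDOW=114 RES=0x00 ACK FIN URGP=0
Mar 14 12:05:02 cache1 kernel: INVALID-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=10.0.0.20 DST=10.0.0.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=8080 DPT=41700 WINDOW=0 RES=0x00 RST URGP=0
"""


def parse_line(line, prefix=PREFIX):
    """Return (src, sport, dst, dport, flags) for a logged TCP packet, else None."""
    _, found, body = line.partition(prefix)
    if not found:
        return None                       # not written by our LOG rule
    kv = dict(FIELD.findall(body))
    if kv.get("PROTO") != "TCP":
        return None
    # TCP flags appear as bare tokens (e.g. "ACK FIN") before URGP=
    flags = frozenset(tok for tok in body.split() if tok in FLAGS)
    return kv["SRC"], int(kv["SPT"]), kv["DST"], int(kv["DPT"]), flags


def dropped_teardowns(log, prefix=PREFIX):
    """Count FIN segments classified INVALID, keyed by sending endpoint."""
    hits = Counter()
    for line in log.splitlines():
        pkt = parse_line(line, prefix)
        if pkt and "FIN" in pkt[4]:
            hits[(pkt[0], pkt[1])] += 1
    return hits


if __name__ == "__main__":
    for (src, sport), n in dropped_teardowns(SAMPLE_LOG).items():
        print(f"{n} FIN segment(s) from {src}:{sport} were classified INVALID")
```

A count here that tracks the number of local sockets stuck in FIN_WAIT2 points at the firewall rule rather than at the backend or the proxy.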





More information about the varnish-misc mailing list