Error: possible SYN flooding

Maximilian Herrmann maximilian.herrmann at jambit.com
Mon Aug 12 22:25:44 CEST 2013


Hi,

i`m currently having issues with my Varnish load balancers. For some users, the access to our site is very slow, for others it isn`t reachable.
I`ve observed something strange at the dmesg-Logfile, it is saying "possible SYN flooding on port 80. Sending cookies." about every 20 minutes. I don`t think that this is a real SYN flood, as this is some very high traffic system.
The system is running at CentOS 6.3, we`re using Varnish 3.0.4 (from rpm).

We have optimized the following kernel parameters already:
/proc/sys/net/ipv4/tcp_tw_reuse (now set to 1)
/proc/sys/net/ipv4/tcp_tw_recycle (now set to 1)
/proc/sys/net/ipv4/tcp_fin_timeout (now set to 30)
/proc/sys/net/ipv4/tcp_keepalive_intvl (now set to 40)
/proc/sys/net/ipv4/tcp_keepalive_time (now set to 1800)
/proc/sys/net/ipv4/tcp_syn_retries (not set to 2)
/proc/sys/net/ipv4/tcp_synack_retries (now set to 2)
/proc/sys/net/ipv4/tcp_no_metrics_save (now set to 1)
/proc/sys/net/ipv4/tcp_rmem (now 4096   87380   16777216)
/proc/sys/net/core/wmem_max (now 16777216)
/proc/sys/net/core/rmem_max (now 16777216)
/proc/sys/net/ipv4/tcp_max_syn_backlog (now 4096)
/proc/sys/net/ipv4/tcp_max_syn_backlog (now 4096)
/proc/sys/net/core/netdev_max_backlog (now 5000)
/proc/sys/net/ipv4/ip_local_port_range (now 1024 65536)


I could not find anything at Google. May somebody give me tips how to resolve this issue?

Thanks,

Maxi
________________________________

Maximilian Herrmann, System Administrator
Phone: +49 89 45 23 47 - 628
Fingerprint: 4BDD 79EA 8B40 F21C 9667 DC6C F257 0841 13DB 6EC5

jambit GmbH
Erika-Mann-Str. 63, 80636 M?nchen
Phone: +49 89 45 23 47 - 0 Fax: +49 89 45 23 47 - 70

http://www.jambit.com where innovation works

Gesch?ftsf?hrer: Peter F. Fellinger, Markus Hartinger
Sitz: M?nchen; Registergericht: M?nchen, HRB 129139
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20130812/08548a0a/attachment.html>


More information about the varnish-misc mailing list