On 11-02-2014 12:15, Maxim Dounin wrote:
Hello!

On Mon, Feb 10, 2014 at 05:41:47PM +0100, Aleksandar Lazic wrote:

[...]

Every time when I have more than ~400 r/s we get no data from the
status-request, this request rate means ~20k Packets/Second.
I use netfilter with fail2ban, but not the connection tracking module!

I have now seen in the tcpdump that I get an 'RST' packet quite immediately
after a request when the 'no answer from server' comes.

I think this could be a kernel-network issue not an nginx issue.

The question is:
Please can you help me to find the reason for the immediate 'RST' answer.

Listen queue overflow?

On modern Linux'es, it should be possible to check some listen
queue numbers with "ss -nlt" / "netstat -nlt" (on BSD, detailed
information is available with "netstat -Lan"), and number of
overflows happened in past should be in "netstat -s" stats.  To
tune listen queue size used by nginx, use "backlog" parameter of
the listen directive.  Note that system limits like
tcp_max_syn_backlog and somaxconn also require tuning.

root@ns61620:~# ss -nlt|egrep 'Sta|<IP>'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN     0      128            <IP>:80                       *:*

sysctl -a|egrep 'somaxconn|tcp_max_syn'
net.core.somaxconn = 4069
net.ipv4.tcp_max_syn_backlog = 8192

I have not added "backlog" to the listen directive.

Do you have some suggestions about useful values for that amount of traffic?

If stateful firewall is used, this also can be a result of "out of
states" conditions, check your firewall stats.

I don't use connection track module.

Aleks

_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
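
The listen queue checks discussed in the message above, as an added example that is not part of the original thread: it reads the accept-queue columns from "ss -nlt" output and measures how far the kernel's ListenOverflows counter moved between two snapshots. The function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# For each listener in `ss -nlt` output on stdin, print
# "<local addr:port> <Recv-Q> <Send-Q> <status>". On a LISTEN socket Recv-Q is
# the current accept-queue length and Send-Q is the backlog limit in effect.
listen_queues() {
    awk '$1 == "LISTEN" {
        status = ($2 + 0 >= $3 + 0) ? "FULL" : "ok"
        print $4, $2, $3, status
    }'
}

# Print one TcpExt counter from /proc/net/netstat content on stdin. The file
# holds a "TcpExt:" line of names followed by a "TcpExt:" line of values.
tcpext_counter() {
    awk -v want="$1" '$1 == "TcpExt:" {
        if (!seen) { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1 }
        else if (want in col) { print $(col[want]); exit }
    }'
}

# Growth of a counter between two snapshots taken some seconds apart.
overflow_delta() {   # $1 = counter, $2 = earlier snapshot, $3 = later snapshot
    before=$(printf '%s\n' "$2" | tcpext_counter "$1")
    after=$(printf '%s\n' "$3" | tcpext_counter "$1")
    echo $(( ${after:-0} - ${before:-0} ))
}

# Constructed samples (192.0.2.10 is a documentation address).
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 192.0.2.10:80 *:*
LISTEN 129 128 192.0.2.10:8080 *:*'
SAMPLE_T0='TcpExt: SyncookiesSent ListenOverflows ListenDrops
TcpExt: 0 10 12'
SAMPLE_T1='TcpExt: SyncookiesSent ListenOverflows ListenDrops
TcpExt: 0 45 47'

printf '%s\n' "$SAMPLE_SS" | listen_queues
echo "ListenOverflows +$(overflow_delta ListenOverflows "$SAMPLE_T0" "$SAMPLE_T1")"

# On a live host: ss -nlt | listen_queues
#                 tcpext_counter ListenOverflows < /proc/net/netstat
```

A listener reported as FULL while ListenOverflows keeps growing between snapshots indicates that the accept queue is the limit being hit.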
