Limiting closed port RST response from XXX to 200...

[ray at redshift.com]

At 09:48 PM 10/17/2005 -0400, Mike Silbersack wrote:
| > Hi,
| >
| >   On a server I'm benchmark testing, via local host, I'm getting Limiting
| > closed
| > port RST response from XXXX to 200 packets/sec on the console when I'm
| > running a
| > lot of local connections very quickly all at once (about 7500 per second).
| >  I've
| > added the following:
| >
| > net.inet.tcp.log_in_vain: 0
| > net.inet.udp.log_in_vain: 0
| >
| > but still does it.  Is there any way to disable it short of installing
| > ipf?  I'd
| > like to see what the theoretical limit of the machine is without it
| > perhaps
| > limiting connections in some manner.
| >
| > Thanks!
| >
| > Ray
| 
| Er, if you're seeing those messages, your benchmark is going very awry!
| 
| The kernel is telling you that 7500 junk packets per second are coming in,
| but that it has chosen to send RST packets in response to only 200 of
| them.  What you should be asking is - why are 7500 junk packets per second
| coming into the system?  This could be due to a flaw in how your benchmark
| is setup (if you're trying to connect to a port that has no listening
| service or DNS lookups to a nonexistent DNS server?), or it could be some
| kernel bug you've uncovered.  If it's the latter, then I would be very
| interested in helping you get it fixed.
| 
| There is a sysctl for disabling the reset rate limiting, but I would
| suggest that you track down the source of the problem before resorting to
| disabling the feature.
| 
| Mike "Silby" Silbersack
| 
| 

Hi Mike,

  Thanks for the pointers.  I will check some of those areas you mention.  Since
I just threw this machine together real fast, I may have some DNS off the mark
or something.  

  BTW, the benchmark I'm using is 'ab' in apache/bin.  I'm running it with -c 50
and -n 1000.  Seems to only cause the RST thing on small files.  

  Thanks again for the tips.

Ray