Networking overloaded (WAS: Re: confirm 3454f2d8611cde291b81fa177d2434593f5e6d36)

Mel fbsd.questions at
Thu Oct 4 08:37:26 PDT 2007


On Thursday 04 October 2007 14:03:23 edward.serrofq at wrote:

> I have a 5.3 installation which currently has about 5000 'ESTABLISHED' TCP
> connections.  That figure quadruples in the evening.
> Are there any sysctls that I should be tweaking to handle lots of TCP
> connections?

2 things are key to answering first:
1) Are these valid/wanted connections?

I assume if this is caused by your ftp server being filled with PSX downloads, 
because your anon user has write privileges, you don't want to increase your 
connection possibilities.

2) Do you have memory free at top load?

If you don't have (a lot of) spare memory at connection peak, adding the 
ability for more connections will simply slow down your machine and possibly 
lock it up.

> The machine is running pf -- is there some logging I could be doing to see
> if pf is being overloaded?

Unless you're using synproxy states, pf doesn't create connections - at best 
it rewrites them. In your case, using synproxy states might actually be a 
benefit, depending on what's causing the high load.
Also, is this a firewall only or does it have locally generated traffic?

> Is there anything else I could be doing to see if some part of the OS is
> failing to handle load?

It would help if you describe what's running on the machine, most notably, are 
these connections to one or more servers running on your machine or is your 
bittorrent client going bonkers, that kinda thing.
sockstat(1) is a very useful tool for identifying that. Better save the output 
to file first with a load like that, for example:
sockstat -4c > /tmp/net.load will list all the connected IPv4 sockets to 
file /tmp/net.load.
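
An added example, not part of the original message: one way to summarise a capture saved with sockstat -4c as suggested above, counting connected TCP sockets per command and local port and per foreign host, which helps answer whether the connections are wanted. The function names and the sample lines are constructed for illustration; the script assumes sockstat's usual USER COMMAND PID FD PROTO LOCAL FOREIGN column layout.

```shell
#!/bin/sh
# Summarise a saved `sockstat -4c` capture (e.g. /tmp/net.load).
# Assumed columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Connected TCP sockets per (command, local port), busiest first.
by_service() {
    awk 'NF >= 7 && $5 ~ /^tcp/ {
             n = split($6, a, ":")        # last piece is the local port
             c[$2 " " a[n]]++
         }
         END { for (k in c) print c[k], k }' "$1" | sort -k1,1nr -k2
}

# Connected TCP sockets per foreign host, busiest first.
by_peer() {
    awk 'NF >= 7 && $5 ~ /^tcp/ {
             h = $7; sub(/:[^:]*$/, "", h)   # strip the remote port
             c[h]++
         }
         END { for (k in c) print c[k], k }' "$1" | sort -k1,1nr -k2
}

# Constructed sample capture (documentation addresses, not real data).
write_sample() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      812   3  tcp4   192.0.2.10:80         198.51.100.7:51511
www      httpd      812   4  tcp4   192.0.2.10:80         198.51.100.7:51512
www      httpd      813   3  tcp4   192.0.2.10:80         203.0.113.9:40022
ftp      ftpd       990   0  tcp4   192.0.2.10:21         198.51.100.7:51600
root     sshd       1201  5  tcp4   192.0.2.10:22         203.0.113.20:60111
EOF
}

# Use the file given as the first argument, else the constructed sample.
capture=${1:-}
if [ -z "$capture" ]; then
    capture=$(mktemp)
    write_sample > "$capture"
fi
echo "connections per service:"; by_service "$capture" | head -n 10
echo "connections per peer:";    by_peer "$capture" | head -n 10
```

A single command and port holding most of the sockets, or a handful of peers holding hundreds each, points at which service to look at before raising any limits.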

