Skip to main content

Linux. Orphaned connections in CLOSE_WAIT state ( a lot of connections are in CLOSE_WAIT state )


Usually dealing with web servers we have a lot of connections in CLOSE_WAIT state. These connections hold web server threads and also consume our nofile, nproc resources described in /etc/security/limits.conf.

To prevent such situation we need to adjust some kernel variables:
  • net.ipv4.tcp_keepalive_time - the interval between the last data packet sent (simple ACKs are not considered data) and the first keepalive probe; after the connection is marked to need keepalive, this counter is not used any further.
  • net.ipv4.tcp_keepalive_intvl - the interval between subsequential keepalive probes, regardless of what the connection has exchanged in the meantime.
  • net.ipv4.tcp_keepalive_probes - the number of unacknowledged probes to send before considering the connection dead and notifying the application layer.

The first two parameters are expressed in seconds, and the last is the pure number. This means that the keepalive routines wait for two hours (7200 secs, default value) before sending the first keepalive probe, and then resend it every 75 seconds. If no ACK response is received for 9 consecutive times, the connection is marked as broken.

You can modify and persistently save your own setting using sysctl command and file /etc/sysctl.conf like this:
sysctl -w net.ipv4.tcp_keepalive_time=120 >> /etc/sysctl.conf
sysctl -w net.ipv4.tcp_keepalive_probes=3 >> /etc/sysctl.conf 
sysctl -w net.ipv4.tcp_keepalive_intvl=20 >> /etc/sysctl.conf

Comments

  1. abrahameabdoMarch 3, 2022 at 4:27 PM

    Harrah's Casino & Resort - Dr.MD
    Harrah's Casino 제천 출장안마 & Resort is 서귀포 출장안마 located in beautiful New York City and 부천 출장마사지 is 천안 출장안마 a convenient option for those looking for a great 양산 출장샵 place to stay in one of

    ReplyDelete

Post a Comment

Popular posts from this blog

memory error detect XSCF uboot

If you see something like this when you poweron you server: memory error detect 80000008, address 000002d0 data 55555555 -> fbefaaaa capture_data hi fbefaaaa lo deadbeef ecc 1b1b capture_attributes 01113001 address 000002d0 memory error detect 80000008, address 000002d4 data aaaaaaaa -> deadbeef capture_data hi fbefaaaa lo deadbeef ecc 1b1b capture_attributes 01113001 address 000002d4 memXSCF uboot  01070000  (Feb  8 2008 - 11:12:19) XSCF uboot  01070000  (Feb  8 2008 - 11:12:19) SCF board boot factor = 7180     DDR Real size: 256 MB     DDR: 224 MB Than your XSCF card is broked. Replace it with new one. After that it will ask you for enter chassis number - located at front of the server XSCF promt to enter your chasses number ( is a S/N of your server ): Please input the chassis serial number : XXXXXXX 1:PANEL Please select the number : 1 Restoring data from PANEL to XSCF#0. Please wait for se...
1 comment
Read more

Solaris. remove unusable scsi lun

Solaris remove unusable or failing scsi lun 1. The removed devices show up as drive not available in the output of the format command: # format Searching for disks...done ................      255. c1t50000974082CCD5Cd249 <drive not available>           /pci@3,700000/SUNW,qlc@0/fp@0,0/ssd@w50000974082ccd5c,f9 ................      529. c3t50000974082CCD58d249 <drive not available>           /pci@7,700000/SUNW,qlc@0/fp@0,0/ssd@w50000974082ccd58,f9 2. After the LUNs are unmapped Solaris displays the devices as either unusable or failing. # cfgadm -al -o show_SCSI_LUN | grep -i unusable # # cfgadm -al -o show_SCSI_LUN | grep -i failing c1::50000974082ccd5c,249       disk         connected    configured   failing c3::50000974082ccd58,249 ...
1 comment
Read more

FOS Password recovery (Brocade Fabric OS Switch Password recovery procedure)

Password recovery using root account If you have access to the root account, you can reset the passwords on the switch to default. This feature is available for all currently supported versions of the Fabric OS. Follow the below steps to reset any account password from the root account. 1. Open a CLI session (serial or telnet for an unsecured system and sectelnet for a secure system) to the switch. 2. Log in as root. 3. At the prompt, enter the passwddefault command as shown below: switch:root> passwddefault 4. Follow the prompts to reset the password for the selected account. For example: switch:root> passwddefault All account passwords have been successfully set to factory default. Once the passwords have been reset, log into the switch as admin, and modify your default passwords. Make sure to keep a hardcopy of your switch passwords in a secure location. The default passwords for Fabric OS switches are: Root fibranne Adminpassword Userpassword Password r...
4 comments
Read more