Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19
Server with Haproxy refuses to incoming connections
Results 1 to 5 of 5

Thread: Server with Haproxy refuses to incoming connections

  1. #1

    Server with Haproxy refuses to incoming connections

    We have a busy server running Haproxy.
    When we run a load test we accept "server refuses connection" error on the loader.
    Also, Haproxy fails to open connections to backend servers.
    Haproxy is configured with no keep-a-live.

    What we see in server stats is that this happens when the server reaches about 34000 TIME_WAIT connections.
    Other server resources (CPU, MEM) are not limited.

    netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
    1 established)
    1 Foreign
    7 SYN_SENT
    9 ESTABLISHED
    12 LISTEN
    34180 TIME_WAIT

    vmstat -m | grep -i tcp
    tcp_bind_bucket 64 448 32 112
    tw_sock_TCP 34156 34160 192 20
    request_sock_TCP 5 60 128 30
    TCP 110 215 1536 5

    What defines the 34000 limitation of TIME_WAIT connections?
    Is there a way to increase this limit or to reduce TIME_WAITs under load?

  2. #2
    Administrator Advisor peter's Avatar
    Join Date
    Apr 2004
    Posts
    882
    To temporarily change TIME_WAIT to 30 seconds

    Code:
    # echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
    For a permanent change (on reboot) modify your /etc/sysctl.conf file. The sysctl command will also do that for you:

    Code:
    # sysctl -w net.ipv4.tcp_fin_timeout=30
    For automation, you'll have to monitor system load and then modify the tcp_fin_timeout values in the /proc file system as needed.

    My sites:
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
    -
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

  3. #3
    Administrator Advisor peter's Avatar
    Join Date
    Apr 2004
    Posts
    882
    The netstat TIME_WAIT value is the total number of currently open TCP connections. Depending on the source IP address of each entry it gives an idea as to whether the server or the client is waiting for input. Typically high values on a web server indicate high traffic loads from web browsers. If the connections are generated by the server, it could mean that it is waiting on responses from another slow server.

    High numbers of TIME_WAIT connections on your server could mean that it is also slow for some reason and cannot handle the load from the web. Take a look at the output of the top command to see what could be the problem. Also look at your weblog files, there could be someone out there doing excessive queries that you may want to limit. iptables can be used to limit excessive connection rates to your server, I think apache can be configured similarly.

    My sites:
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
    -
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

  4. #4
    I tried to change tcp_fin_timeout to 10 but it didn't help.

    Note that I'm running load test (not real traffic) where the load client runs 100 threads each creating 10-20 http requests / sec. When the test runs with keep-alive connections everything is fine (even for several such load clients). But when I'm running the test without keep-alive, it causes kind of DOS problem in Haproxy server.
    The server should server thousands of short-lived requests per second so I'm not sure if this problem will arise in real world also.

  5. #5
    The problem was solved by increasing net.ipv4.netfilter.ip_conntrack_max from its default value (65000) to 256000

Similar Threads

  1. Incoming SMS to database
    By jkrise in forum Linux - Hardware, Networking & Security
    Replies: 0
    Last Post: 10-07-2009, 10:14 AM
  2. server problem with connections
    By Omar Bacha in forum Linux - Hardware, Networking & Security
    Replies: 1
    Last Post: 07-10-2008, 11:37 PM
  3. IPTABLES: block ALL incoming and outgoing except...
    By Blaqb0x in forum Linux - Software, Applications & Programming
    Replies: 2
    Last Post: 07-06-2004, 03:17 AM
  4. syslogd: how to redirect incoming logs
    By Blaqb0x in forum Linux - Hardware, Networking & Security
    Replies: 1
    Last Post: 02-26-2004, 11:37 PM
  5. smbd refuses to run
    By airhead in forum Linux - Hardware, Networking & Security
    Replies: 4
    Last Post: 03-02-2002, 06:24 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •