public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] TCP listen overflows
@ 2015-10-14 16:11 Grant
  2015-10-14 17:19 ` [gentoo-user] " James
  0 siblings, 1 reply; 3+ messages in thread
From: Grant @ 2015-10-14 16:11 UTC
  To: Gentoo mailing list

My site went down for about 10 minutes recently and the only
interesting thing I see in the munin graphs is a massive spike in "TCP
socket buffer errors", specifically "Listen overflows" at exactly the
same time.  Is that a clue or just a result of the downtime?  Nothing
in the logs.

- Grant



* [gentoo-user] Re: TCP listen overflows
  2015-10-14 16:11 [gentoo-user] TCP listen overflows Grant
@ 2015-10-14 17:19 ` James
  2015-10-19 23:39   ` Adam Carter
  0 siblings, 1 reply; 3+ messages in thread
From: James @ 2015-10-14 17:19 UTC
  To: gentoo-user

Grant <emailgrant <at> gmail.com> writes:


> My site went down for about 10 minutes recently and the only
> interesting thing I see in the munin graphs is a massive spike in "TCP
> socket buffer errors", specifically "Listen overflows" at exactly the
> same time.  Is that a clue or just a result of the downtime?  Nothing
> in the logs.


Hard to tell. What I have done in the past is install a hub/switch
outside your firewall/DMZ with several systems to perform 'mock tests'
via standard penetration tests, packet flooding, DoS, etc., etc., depending
on your suspicions, and pound on your net.

Pentoo Linux is also an excellent tool.


hth,
James





* Re: [gentoo-user] Re: TCP listen overflows
  2015-10-14 17:19 ` [gentoo-user] " James
@ 2015-10-19 23:39   ` Adam Carter
  0 siblings, 0 replies; 3+ messages in thread
From: Adam Carter @ 2015-10-19 23:39 UTC
  To: gentoo-user@lists.gentoo.org


I don't know what that error means, but default webserver and TCP stack
options may not be helping. I investigated a CentOS box with resource
issues a while back. It had many thousands of sockets in TIME_WAIT state.

IIRC I reduced /proc/sys/net/ipv4/tcp_fin_timeout from 60 to 15, and
enabled pipelining on the webserver, along with a few other webserver
tweaks.

First quick check if it happens again: netstat -an | grep -ci wait
If it returns a five figure number then the above would be worth a look.
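
Added example, not part of any message in this thread: a shell sketch that reads the Linux TcpExt ListenOverflows/ListenDrops counters (assumed here to be what the munin graph plots) and counts sockets per TCP state, which is narrower than grepping for "wait". The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the counters behind "listen overflows" and count sockets
# per TCP state. File paths are parameters so constructed samples can be used.

# tcpext_counter NAME [FILE]: print one TcpExt counter. /proc/net/netstat holds
# a "TcpExt:" line of counter names followed by a "TcpExt:" line of values.
tcpext_counter() {
    awk -v want="$1" '
        $1 == "TcpExt:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "TcpExt:" { if (want in col) print $(col[want]); exit }
    ' "${2:-/proc/net/netstat}"
}

# count_state HEX [FILE...]: count sockets whose "st" column (4th field) equals
# HEX, e.g. 06 = TIME_WAIT, 0A = LISTEN. Pass /proc/net/tcp6 as well for IPv6.
count_state() {
    st=$1; shift
    [ $# -gt 0 ] || set -- /proc/net/tcp
    awk -v st="$st" 'FNR > 1 && toupper($4) == toupper(st) { n++ } END { print n + 0 }' "$@"
}

# make_samples DIR: write constructed (not captured) sample files; the
# /proc/net/tcp rows are cut short, only the first columns are reproduced.
make_samples() {
    cat > "$1/netstat" <<'EOF'
TcpExt: SyncookiesSent TW ListenOverflows ListenDrops
TcpExt: 0 5120 731 731
IpExt: InOctets OutOctets
IpExt: 1000 2000
EOF
    cat > "$1/tcp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0050 00000000:0000 0A 00000000:00000081
   1: 0100007F:0050 0100007F:C001 06 00000000:00000000
   2: 0100007F:0050 0100007F:C002 06 00000000:00000000
   3: 0100007F:0050 0100007F:C003 01 00000000:00000000
EOF
}

# demo: dry run against the constructed samples only.
demo() {
    d=$(mktemp -d) && make_samples "$d"
    echo "ListenOverflows=$(tcpext_counter ListenOverflows "$d/netstat")"
    echo "ListenDrops=$(tcpext_counter ListenDrops "$d/netstat")"
    echo "TIME_WAIT=$(count_state 06 "$d/tcp")"
    rm -rf "$d"
}
demo
```

Called without a file argument, both functions read the live /proc files. A ListenOverflows value that keeps climbing between two reads means connections are arriving faster than the server accepts them.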

