[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SLAPD_LISTEN increase



netstat -sP tcp works to determine if your server is actively dropping connections due to backlog full conditions. Do the servers show numerous tcpListenDrops?

Quanah Gibson-Mount wrote:



--On Wednesday, May 04, 2005 11:35 PM -0700 Quanah Gibson-Mount <quanah@stanford.edu> wrote:

I will note that this advisory is from 1996, so I'm not sure how much the
SYN flood issue applies... Given the rather large targets painted on
Stanford's servers, if it were an issue I'm fairly certain we'd have seen
it before.


The ndd parameter listed has also changed names since the advisory was
written.  It is:

tcp_conn_req_max_q

now.


I personally tune my ndd settings already, although my tcp_conn_req_max_q
is only 1024. I'm somewhat curious about the adb line, and if that has
changed somewhat since then.


Reading Sun's current documentation notes that

tcp_conn_req_max_q

should be less than

tcp_conn_req_max_q0

which is what replaces the adb line in modern Solaris.

See <http://docs.sun.com/app/docs/doc/817-1759/6mhfh76h3?a=view>

It looks like setting:

tcp_conn_req_max_q0 to 10240 may help resolve issues, along with increasing
tcp_conn_req_max_q


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin