Re: high performance with a lot of outgoing connections
From: Its me! (epost_at_1spam.com)
Date: 08/05/04
- Next message: Lowell Gilbert: "Re: rc.firewall and dynamic ip address"
- Previous message: Hacker Beware: "Re: high performance with a lot of outgoing connections"
- In reply to: Hacker Beware: "Re: high performance with a lot of outgoing connections"
- Next in thread: Giorgos Keramidas: "Re: high performance with a lot of outgoing connections"
Date: Thu, 05 Aug 2004 15:27:10 GMT
"Hacker Beware" <dumbass@hackerbeware.com> wrote in message
news:41125082$0$44251$af4e6cc9@news.usenetguide.com...
> > > > > >
> > > > > > I'm going to use a FreeBSD box as a base
> > > > > > for an application that will do a lot of outgoing connections.
> > > > > > Any suggestions how to set it up for high performance?
> > > > > > Last week I found out that there were no free ports left so
> > > > > > I had to increase
> > > > > > from
> > > > > > net.inet.ip.portrange.last: 5000
> > > > > > to
> > > > > > net.inet.ip.portrange.last: 30000
> > > > > > because I had 4000 connections in TIME_WAIT.
> > > > > > Is that the right way to deal with a lot of outgoing connections?
> > > > > >
> > > > >
> > > > >
> > > > > I _thought_ that FreeBSD didn't have that problem. I thought unused sockets
> > > > > were recycled as needed. This is one of the reasons we switched off Windows
> > > > > servers. The limit was killing us. Are you sure your app is closing the
> > > > > sockets clean?
> > > >
> > > > I think everything is closed properly.
> > > > But as far as I understand the TIME_WAIT,
> > > > every connection stays in TIME_WAIT (1 minute) after the socket closure.
> > > > I read in the FreeBSD manual that net.inet.ip.portrange.last
> > > > has to be increased if you are doing a lot of outgoing connections.
> > >
> > >
> > > But I had read in the architecture book that the sockets when exhausted
> > > perform a manual expiration of the oldest sockets first and then continue.
> > > So if you run out it will grab the oldest socket in that queue of
> > > TIME_WAIT's and force it to be recycled.
> > >
> > > Maybe that has changed since the book that I read (4.4 BSD Operating System
> > > Design Guide)...
> >
> > The problem is that when I try to connect to a remote machine
> > the connect() fails with
> > "Can't assign requested address"
> > There is no problem to create a socket.
> > When I increased the net.inet.ip.portrange.last the connect problem
> > seems to disappear.
> > Also the FreeBSD manual says
> >
> >
> > -----------------------
> > The net.inet.ip.portrange.* sysctl variables control the port number
> > ranges automatically bound to TCP and UDP sockets. There are three
> > ranges: a low range, a default range, and a high range. Most network
> > programs use the default range which is controlled by the
> > net.inet.ip.portrange.first and net.inet.ip.portrange.last, which
> > default to 1024 and 5000, respectively. Bound port ranges are used for
> > outgoing connections, and it is possible to run the system out of
> > ports under certain circumstances. This most commonly occurs when you
> > are running a heavily loaded web proxy. The port range is not an issue
> > when running servers which handle mainly incoming connections, such as
> > a normal web server, or has a limited number of outgoing connections,
> > such as a mail relay. For situations where you may run yourself out of
> > ports, it is recommended to increase net.inet.ip.portrange.last
> > modestly. A value of 10000, 20000 or 30000 may be reasonable. You
> > should also consider firewall effects when changing the port range.
> > Some firewalls may block large ranges of ports (usually low-numbered
> > ports) and expect systems to use higher ranges of ports for outgoing
> > connections -- for this reason it is recommended that
> > net.inet.ip.portrange.first be lowered.
> > ------------------------
>
>
> That is strange...
> I did find this in the docs... As an option to get you more sockets.
>
>
> sysctl -w net.inet.tcp.sendspace=32768
> sysctl -w net.inet.tcp.recvspace=32768
>
> sysctl -w net.link.ether.inet.max_age=1200
>
> Not sure if the last number should be that high. Dropping it will cause the
> sockets to be recycled more quickly.
>
> I swear I read about socket recycling in BSD being deterministic to prevent
> Denial Of Service attacks where all sockets are exhausted. I can't seem to
> find it now.
What value would be better instead of the 1200? Is that seconds?
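
Added example, not part of the original thread: a shell sketch that counts TIME_WAIT sockets holding ports inside net.inet.ip.portrange.first..last and estimates the connection rate a range can sustain. The function names and the sample netstat lines are constructed for illustration; the estimate assumes every closed outgoing connection holds its local port for the 1 minute TIME_WAIT mentioned in the thread.

```shell
#!/bin/sh
# Constructed sample in the layout of FreeBSD `netstat -an -p tcp`
# (proto, recv-q, send-q, local address, foreign address, state).
# FreeBSD separates address and port with a dot.
sample_netstat() {
cat <<'EOF'
tcp4       0      0 192.0.2.10.1025        198.51.100.7.80        TIME_WAIT
tcp4       0      0 192.0.2.10.1026        198.51.100.7.80        TIME_WAIT
tcp4       0      0 192.0.2.10.4999        198.51.100.7.80        ESTABLISHED
tcp4       0      0 192.0.2.10.80          203.0.113.5.40112      TIME_WAIT
tcp4       0      0 *.22                   *.*                    LISTEN
EOF
}

# ports_in_state STATE FIRST LAST
# Reads netstat lines on stdin and counts sockets in STATE whose local
# port lies inside [FIRST, LAST], i.e. ports taken from the bound range.
ports_in_state() {
    awk -v st="$1" -v lo="$2" -v hi="$3" '
        $1 ~ /^tcp/ && $6 == st {
            n = split($4, a, "[.]")    # port is the last dot-separated part
            p = a[n] + 0
            if (p >= lo && p <= hi) c++
        }
        END { print c + 0 }'
}

# max_conn_rate FIRST LAST TIME_WAIT_SECONDS
# Upper bound on sustained new outgoing connections per second from one
# local address before the whole range is held by TIME_WAIT sockets
# (assumption: one port per connection, held for TIME_WAIT_SECONDS).
max_conn_rate() {
    echo $(( ($2 - $1 + 1) / $3 ))
}

# On a live FreeBSD host the same count would come from:
#   netstat -an -p tcp | ports_in_state TIME_WAIT \
#       "$(sysctl -n net.inet.ip.portrange.first)" \
#       "$(sysctl -n net.inet.ip.portrange.last)"
echo "TIME_WAIT in 1024-5000: $(sample_netstat | ports_in_state TIME_WAIT 1024 5000)"
echo "max rate, last=5000:  $(max_conn_rate 1024 5000 60)/s"
echo "max rate, last=30000: $(max_conn_rate 1024 30000 60)/s"
```
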