3

I am using 10 EC2 instances behind 1 ELB. The ELB is configured to forward port 80 to 8080 and port 443 to 8080.

All 10 EC2 instances have Apache Tomcat installed, and total requests on the ELB are around 8000 to 10000 in 1 minute.

I am facing a problem with CLOSE_WAIT connections on the 10 EC2 instances running Apache Tomcat.

EC2 Instance Type: m1.xlarge

When we restart Apache Tomcat, all CLOSE_WAIT connections are lost, but it's not a proper way to work on production instances.

Please help me out.

rajnikant
  • Same problem here! But the strange thing is I am running workers that are connected to my local nginx using a unix socket. And these workers are stuck with a connection to the load balancer on the SSL port. I tried many other solutions and it keeps happening (changed nginx to apache, and uwsgi to gunicorn for python workers). I believe it's an ELB problem. And the worst thing is that sometimes it goes crazy and floods my EC2 instances with CLOSE_WAIT connections (more than 100k connections). Amazon support says it's not an ELB issue. Any hints? – mannysz Apr 14 '16 at 15:12

3 Answers

2

Some clients don't properly close the TCP connection when they're done. That's out of your control. These generally time out after a bit, and don't create too much of a problem, other than cluttering the listing you get from netstat -an and similar.

So, why are you having a problem with it?

This might be pertinent: What limits the maximum number of connections on a Linux server?

mc0e
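To go beyond eyeballing the `netstat -an` listing mentioned in the answer above, the following added example (not part of the original answer) tallies CLOSE_WAIT sockets per local port and peer address from Linux's `/proc/net/tcp`, which shows whether they pile up on the 8080 listener and which peers they come from. The function names and the sample table are constructed for illustration; it assumes IPv4 and a little-endian host such as x86.

```python
import socket
import struct
from collections import Counter

CLOSE_WAIT = 0x08  # TCP_CLOSE_WAIT in the Linux kernel's TCP state enum

# Constructed sample in /proc/net/tcp layout (addresses are made up).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001 1
   1: 0A00000A:1F90 0500000A:C350 08 00000000:00000001 00:00000000 00000000  1000        0 20002 1
   2: 0A00000A:1F90 0500000A:C351 08 00000000:00000001 00:00000000 00000000  1000        0 20003 1
   3: 0A00000A:1F90 0600000A:C352 01 00000000:00000000 00:00000000 00000000  1000        0 20004 1
   4: 0A00000A:1F90 0600000A:C353 08 00000000:00000000 00:00000000 00000000  1000        0 20005 1
"""

def decode(hexaddr):
    """'0500000A:C350' -> ('10.0.0.5', 50000).

    The IPv4 address is hex in host byte order (little-endian assumed here);
    the port is plain hex. IPv6 sockets live in /proc/net/tcp6 and are not handled.
    """
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def close_wait_summary(text):
    """Count CLOSE_WAIT sockets per (local port, remote IP)."""
    counts = Counter()
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != CLOSE_WAIT:
            continue
        _, lport = decode(fields[1])
        rip, _ = decode(fields[2])
        counts[(lport, rip)] += 1
    return counts

def report(path="/proc/net/tcp"):
    """Print the live summary on a Linux host, largest group first."""
    with open(path) as fh:
        summary = close_wait_summary(fh.read())
    for (lport, rip), n in summary.most_common():
        print(f"{n:6d} CLOSE_WAIT  local port {lport}  peer {rip}")

if __name__ == "__main__":
    for (lport, rip), n in close_wait_summary(SAMPLE).most_common():
        print(f"{n:6d} CLOSE_WAIT  local port {lport}  peer {rip}")
```

Calling `report()` on an instance reads the live table; running it periodically and comparing counts shows whether the number is stable or growing.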
0

This is a variant of the problem described here: https://unix.stackexchange.com/questions/10106/orphaned-connections-in-close-wait-state Does your application have many mobile clients? These clients, connecting over unreliable networks, can do crazy things with TCP states.

The simplest way to handle it is to reboot your apache instances in a rolling fashion - say, one server every 30 minutes. If you have enough instances behind your ELB then the net effect on your service should be bearable.

Shlomo Swidler
  • Earlier, all of the clients on the Internet were connecting over rather unreliable and slow networks and TCP states didn't go crazy. ) – poige May 27 '13 at 11:16
  • Does this actually work? My understanding is that those CLOSE_WAIT states are being maintained by the OS, and restarting apache processes should have no effect. – mc0e Dec 05 '16 at 06:22
0

Check out cutter.

Cutter is a tool for linux-based firewalls that allows connections passing through them to be forcably [sic] aborted by the firewall administrator.

dmourati