
Often there is a sudden increase in ip_conntrack connections on my server. (See image below).

IP CONNTRACK INCREASE

This sudden increase results in an abnormal increase in SYN_SENT connections (see screenshot). This is a drop of connections at an unexpected moment. The drop should not be there and the server acts really slow.

FIREWALL CONNECTIONS

Some additional netfilter information. The system log does not show messages like table full dropping packages. But still the server is super slow and not answering all requests.

Is there something that I can do by tweaking settings? (CentOS 5.5). 40% of connections are outgoing connections to the MemCache server.

net.netfilter.nf_log.0 = NONE
net.netfilter.nf_log.1 = NONE
net.netfilter.nf_log.2 = ipt_LOG
net.netfilter.nf_log.3 = NONE
net.netfilter.nf_log.4 = NONE
net.netfilter.nf_log.5 = NONE
net.netfilter.nf_log.6 = NONE
net.netfilter.nf_log.7 = NONE
net.netfilter.nf_log.8 = NONE
net.netfilter.nf_log.9 = NONE
net.netfilter.nf_log.10 = NONE
net.netfilter.nf_log.11 = NONE
net.netfilter.nf_log.12 = NONE
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_established = 432000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_tcp_loose = 1
net.netfilter.nf_conntrack_tcp_be_liberal = 0
net.netfilter.nf_conntrack_tcp_max_retrans = 3
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 180
net.netfilter.nf_conntrack_icmpv6_timeout = 30
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_acct = 0
net.netfilter.nf_conntrack_events = 1
net.netfilter.nf_conntrack_events_retry_timeout = 15
net.netfilter.nf_conntrack_max = 65536
net.netfilter.nf_conntrack_count = 10563
net.netfilter.nf_conntrack_buckets = 16384
net.netfilter.nf_conntrack_checksum = 1
net.netfilter.nf_conntrack_log_invalid = 0
net.netfilter.nf_conntrack_expect_max = 256
Peter Fox
  • What is the purpose of the server? What are the outgoing Memcached connections? Do you mean 40% of outgoing connections are to Memcached when the spike occurs? Please clarify your question, it cannot be answered like this. – Tero Kilkanen Oct 25 '16 at 05:19
  • Hi Tero, thanks for your comment. It is an application server that has its peak moments between 7pm and 10pm. The application server uses a separate Memcache server to retrieve a significant amount of data. Yes, 40% of the connections through the firewall are outgoing connections to the Memcache server. But that happens continuously, not one specific moment of the day. – Peter Fox Oct 25 '16 at 07:32
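
Added example (not part of the original question or its comments): one way to see how full the conntrack table is and which destinations hold the SYN_SENT entries during a spike, reading entries in the /proc/net/ip_conntrack or /proc/net/nf_conntrack text format. The function names and sample entries are constructed for illustration; 10563 and 65536 are the nf_conntrack_count and nf_conntrack_max values posted above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Emit "STATE dst:dport" for each TCP entry read from stdin. Handles both the
# ip_conntrack layout ("tcp 6 ...") and the nf_conntrack one ("ipv4 2 tcp 6 ...").
conntrack_parse() {
    awk '{
        is_tcp = 0; state = ""; dst = ""; dport = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "tcp") is_tcp = 1
            else if (state == "" && $i ~ /^[A-Z][A-Z_]+$/) state = $i
            else if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
            else if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        # Only the original-direction tuple (first dst=/dport=) is kept.
        if (is_tcp && state != "") print state, dst ":" dport
    }'
}

# "count STATE" per TCP state, most frequent first.
tcp_states() {
    conntrack_parse | awk '{ n[$1]++ } END { for (s in n) print n[s], s }' |
        sort -k1,1nr -k2,2
}

# "count dst:dport" for entries in SYN_SENT, most frequent destination first.
syn_sent_by_dest() {
    conntrack_parse |
        awk '$1 == "SYN_SENT" { n[$2]++ } END { for (d in n) print n[d], d }' |
        sort -k1,1nr -k2,2
}

# Integer percentage of the table in use: table_usage COUNT MAX
table_usage() {
    echo $(( $1 * 100 / $2 ))
}

# Constructed sample entries (addresses and ports are made up).
sample_conntrack() {
    cat <<'EOF'
tcp      6 117 SYN_SENT src=10.0.0.5 dst=10.0.0.20 sport=40001 dport=11211 [UNREPLIED] src=10.0.0.20 dst=10.0.0.5 sport=11211 dport=40001 use=1
tcp      6 115 SYN_SENT src=10.0.0.5 dst=10.0.0.20 sport=40002 dport=11211 [UNREPLIED] src=10.0.0.20 dst=10.0.0.5 sport=11211 dport=40002 use=1
tcp      6 110 SYN_SENT src=10.0.0.5 dst=192.0.2.7 sport=40003 dport=443 [UNREPLIED] src=192.0.2.7 dst=10.0.0.5 sport=443 dport=40003 use=1
tcp      6 431999 ESTABLISHED src=198.51.100.9 dst=10.0.0.5 sport=51000 dport=80 src=10.0.0.5 dst=198.51.100.9 sport=80 dport=51000 [ASSURED] use=1
ipv4     2 tcp      6 60 TIME_WAIT src=10.0.0.5 dst=10.0.0.20 sport=40000 dport=11211 src=10.0.0.20 dst=10.0.0.5 sport=11211 dport=40000 [ASSURED] use=2
udp      17 25 src=10.0.0.5 dst=10.0.0.2 sport=5353 dport=53 src=10.0.0.2 dst=10.0.0.5 sport=53 dport=5353 use=1
EOF
}

echo "table usage: $(table_usage 10563 65536)%"   # values from the sysctl dump
sample_conntrack | tcp_states
sample_conntrack | syn_sent_by_dest
```

On the server, pipe the live table into the same functions (for example `cat /proc/net/ip_conntrack | syn_sent_by_dest`; the file name depends on the kernel) while the spike is in progress.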

0 Answers