> > The server is quite busy (25 req/s, load between 2 and 4). Every 10 or 15
> > minutes the server completely stops accepting new HTTP requests, I can see
> > the number of open TCP connections decrease from 1000 or more to a couple
>
> But are there lots of requests in SYN_RECV queued ?
No, majority are 'TIME_WAIT'
>
> > apache immediately cures the problem. I have tried to compile Apache with
> > and without -DSINGLE_LISTEN_UNSERIALIZED_ACCEPT option, no noticeable
> > diffrence ...
> >
> > Any ideas ?
>
> Turn on syn cookies in case its an attack triggering this
> (echo "1" > /proc/sys/net/ipv4/tcp_syncookies )
Ok, done.
By the way, I have completely disabled the "KeepAlive" feature of Apache
(KeepAlive Off), and the problem has not came back for the moment (15
minutes ...) may be it's a bit early to draw conclusions but a least it
seems to help (at this time 1200 open connections, 110 in SYN_RECV and
1000 in TIME_WAIT).
Kernel bug or Apache bug ?
Thanks.
--- Yann Doussot <doussot@gifrance.com> Grey Interactive - France - http://www.gifrance.com/ Cell: +33 6 12 71 70 03 Work: +33 1 46 84 85 00
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/