From: Lutz Vieweg <lvml@5t9•de>
To: Willy Tarreau <w@1wt•eu>, David Miller <davem@davemloft•net>
Cc: soheil.kdev@gmail•com, netdev@vger•kernel.org, soheil@google•com,
edumazet@google•com, ncardwell@google•com, ycheng@google•com,
fw@strlen•de
Subject: Re: [PATCH net-next 1/2] tcp: remove per-destination timestamp cache
Date: Thu, 16 Mar 2017 12:31:25 +0100 [thread overview]
Message-ID: <58CA778D.9020208@5t9.de> (raw)
In-Reply-To: <20170315225508.GB14761@1wt.eu>
On 03/15/2017 11:55 PM, Willy Tarreau wrote:
> At least I can say I've seen many people enable it without understanding its impact, confusing it
> with tcp_tw_reuse, and copy-pasting it from random blogs and complaining about issues in
> production.
I currently wonder: What it the correct advise to an operator who needs
to run one server instance that is meant to accept thousands of new,
short-lived TCP connections per minute?
The explanation text at
https://vincent.bernat.im/en/blog/2014-tcp-time-wait-state-linux
seems to provide comprehensive advise, but its summary is, after all,
somewhat disappointing:
> The universal solution is to increase the number of possible quadruplets by using, for example,
> more server ports. This will allow you to not exhaust the possible connections with TIME-WAIT
> entries.
Assuming an operator has to deal with a given server executable, which does not
provide a feature to "open many listening ports for the same purpose in parallel",
this is hardly an option. (Of course, if you can start just N instead of 1 server
instance, this becomes an option, but not everything is a simple, stateless web server.)
> On the server side, do not enable net.ipv4.tcp_tw_recycle unless you are pretty sure you will
> never have NAT devices in the mix. Enabling net.ipv4.tcp_tw_reuse is useless for incoming
> connections.
So basically both options won't help the server operator.
> On the client side, enabling net.ipv4.tcp_tw_reuse is another almost-safe solution. Enabling
> net.ipv4.tcp_tw_recycle in addition to net.ipv4.tcp_tw_reuse is mostly useless.
If you just operate the server, but not the (remote) clients, this is not relevant.
Is the final verdict that unless a server software by itself offers to open
N listen ports for the same purpose, there is no solution?
Regards,
Lutz Vieweg
next prev parent reply other threads:[~2017-03-16 11:37 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-15 20:30 [PATCH net-next 1/2] tcp: remove per-destination timestamp cache Soheil Hassas Yeganeh
2017-03-15 20:30 ` [PATCH net-next 2/2] tcp: remove tcp_tw_recycle Soheil Hassas Yeganeh
2017-03-15 22:40 ` [PATCH net-next 1/2] tcp: remove per-destination timestamp cache David Miller
2017-03-15 22:55 ` Willy Tarreau
2017-03-16 11:31 ` Lutz Vieweg [this message]
2017-03-16 15:40 ` Neal Cardwell
2017-03-16 16:05 ` Willy Tarreau
2017-03-16 17:30 ` Lutz Vieweg
2017-03-15 22:57 ` Florian Westphal
2017-03-15 23:45 ` David Miller
2017-03-15 22:59 ` Eric Dumazet
2017-03-15 23:45 ` David Miller
2017-03-16 0:06 ` Eric Dumazet
2017-03-19 7:53 ` Alexander Alemayhu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=58CA778D.9020208@5t9.de \
--to=lvml@5t9$(echo .)de \
--cc=davem@davemloft$(echo .)net \
--cc=edumazet@google$(echo .)com \
--cc=fw@strlen$(echo .)de \
--cc=ncardwell@google$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=soheil.kdev@gmail$(echo .)com \
--cc=soheil@google$(echo .)com \
--cc=w@1wt$(echo .)eu \
--cc=ycheng@google$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox