high Traffic setup problem, module status don't deliver data
mdounin at mdounin.ru
Tue Feb 11 11:15:00 UTC 2014
On Mon, Feb 10, 2014 at 05:41:47PM +0100, Aleksandar Lazic wrote:
> Every time when I have more then ~400 r/s we get no data from the
> status-request, this request rate means ~20k Packets/Second.
> I use netfilter with fail2ban, but not the connection tracking module!
> I have now seen on the tcpdump that I get a 'RST' Package quite immediately
> after a request when the 'no answer from server' cames.
> I think this could be a kernel-network issue not a nginx issue.
> The question is:
> Please can you help me to find the reason for the immediately 'RST' answer.
Listen queue overflow?
On modern Linux'es, it should be possible to check some listen
queue numbers with "ss -nlt" / "netstat -nlt" (on BSD, detailed
information is available with "netstat -Lan"), and number of
overflows happended in past should be in "netstat -s" stats. To
tune listen queue size used by nginx, use "backlog" parameter of
the listen directive. Note that system limits like
tcp_max_syn_backlog and somaxconn also require tuning.
If stateful firewall is used, this also can be a result of "out of
states" conditions, check your firewall stats.
More information about the nginx