high Traffic setup problem, module status don't deliver data

Maxim Dounin mdounin at mdounin.ru
Tue Feb 11 11:15:00 UTC 2014


Hello!

On Mon, Feb 10, 2014 at 05:41:47PM +0100, Aleksandar Lazic wrote:

[...]

> Every time when I have more then ~400 r/s we get no data from the
> status-request, this request rate means ~20k Packets/Second.
> I use netfilter with fail2ban, but not the connection tracking module!
> 
> I have now seen on the tcpdump that I get a 'RST' Package quite immediately
> after a request when the 'no answer from server' cames.
> 
> I think this could be a kernel-network issue not a nginx issue.
> 
> The question is:
> Please can you help me to find the reason for the immediately  'RST' answer.

Listen queue overflow?

On modern Linux'es, it should be possible to check some listen 
queue numbers with "ss -nlt" / "netstat -nlt" (on BSD, detailed 
information is available with "netstat -Lan"), and number of 
overflows happended in past should be in "netstat -s" stats.  To 
tune listen queue size used by nginx, use "backlog" parameter of 
the listen directive.  Note that system limits like 
tcp_max_syn_backlog and somaxconn also require tuning.

If stateful firewall is used, this also can be a result of "out of 
states" conditions, check your firewall stats.

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx mailing list