答复: 答复: 答复: How to use multiple IP as proxied connection IP

Zhang,Tony tzhang at tudou.com
Mon Aug 31 12:05:02 MSD 2009


Hi

net.ipv4.tcp_fin_timeout = 1

about 50000 time_wait totally (2 nginx lb servers), peak time, maybe more.

That's why I think ports are not enough


Thx
Jie

Tony ZHANG

Tudou.com - Tech - OP - Site
Email: tzhang at tudou.com
Better Performance, Better Experience



-----邮件原件-----
发件人: owner-nginx at sysoev.ru [mailto:owner-nginx at sysoev.ru] 代表 Joshua Zhu
发送时间: 2009年8月31日 15:39
收件人: nginx at sysoev.ru
主题: Re: 答复: 答复: How to use multiple IP as proxied connection IP

Hi,

Then how many TIME_WAITs were there? And your TIME_WAIT value?

2009/8/31 Zhang,Tony <tzhang at tudou.com>:
> Hi
>
> Yes, I have done that yet
>
> net.ipv4.ip_local_port_range = 1025 65000
>
> almost largest port range
>
>
> Thx
> Jie
>
> Tony ZHANG
>
> Tudou.com - Tech - OP - Site
> Email: tzhang at tudou.com
> Better Performance, Better Experience
>
>
> -----邮件原件-----
> 发件人: owner-nginx at sysoev.ru [mailto:owner-nginx at sysoev.ru] 代表 Joshua Zhu
> 发送时间: 2009年8月31日 14:48
> 收件人: nginx at sysoev.ru
> 主题: Re: 答复: How to use multiple IP as proxied connection IP
>
> Hi,
>
> Have you enlarged the ephemeral port range of your operating system?
> http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html
>
> On Sat, Aug 29, 2009 at 7:51 PM, Zhang,Tony<tzhang at tudou.com> wrote:
>> Hi
>>
>> Kernel timeout has been shortened before, but still many time_wait
>>
>>
>> Thx
>> Jie
>>
>> Tony ZHANG
>>
>> Tudou.com - Tech - OP - Site
>> Email: tzhang at tudou.com
>> Better Performance, Better Experience
>>
>>
>> -----邮件原件-----
>> 发件人: owner-nginx at sysoev.ru [mailto:owner-nginx at sysoev.ru] 代表 Miros?aw Jaworski
>> 发送时间: 2009年8月29日 16:52
>> 收件人: nginx at sysoev.ru
>> 主题: Re: How to use multiple IP as proxied connection IP
>>
>> On Sat, 2009-08-29 at 15:17 +0800, Zhang,Tony wrote:
>>> Currently, my Nginx service IP is used as both VIP (service IP) and
>>> proxied connection source IP ( I use Nginx as pure proxy server),
>>> since I use close connection to user client, and close connection is
>>> used between Nginx and backend squid, those two situation means that
>>> there are many time_wait connections hung over there, and proxy
>>> connection port of that VIP is not that enough, is there any way to
>>> use multiple IP or dedicated IPs as proxied IP to increase the usable
>>> connection port. Thx a lot!
>>
>> If you haven't done that yet, you certainly want to shorten tcp
>> timeouts first.
>>>
>> --
>> Miroslaw "Psyborg" Jaworski
>> GCS/IT d- s+:+ a C++$ UBI++++$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O-
>> M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y?
>>
>>
>>
>> No virus found in this incoming message.
>> Checked by AVG - www.avg.com
>> Version: 8.5.409 / Virus Database: 270.13.71/2330 - Release Date: 08/27/09 18:02:00
>>
>> No virus found in this outgoing message.
>> Checked by AVG - www.avg.com
>> Version: 8.5.409 / Virus Database: 270.13.71/2330 - Release Date: 08/27/09 18:02:00
>>
>> This e-mail is confidential. It may also be legally privileged.If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error,please delete it and all copies from your system and notify the sender immediately by return e-mail.Internet communications cannot be guaranteed to be timely,secure, error or virus-free. The sender does not accept liability for any errors or omissions.
>>
>
> Regards,
>
> --
> Joshua Zhu
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.5.409 / Virus Database: 270.13.71/2336 - Release Date: 08/30/09 17:51:00
>
> No virus found in this outgoing message.
> Checked by AVG - www.avg.com
> Version: 8.5.409 / Virus Database: 270.13.71/2336 - Release Date: 08/30/09 17:51:00
>
> This e-mail is confidential. It may also be legally privileged.If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error,please delete it and all copies from your system and notify the sender immediately by return e-mail.Internet communications cannot be guaranteed to be timely,secure, error or virus-free. The sender does not accept liability for any errors or omissions.
>

Cheers!

--
Joshua Zhu


No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.409 / Virus Database: 270.13.71/2336 - Release Date: 08/30/09 17:51:00

No virus found in this outgoing message.
Checked by AVG - www.avg.com
Version: 8.5.409 / Virus Database: 270.13.71/2336 - Release Date: 08/30/09 17:51:00

This e-mail is confidential. It may also be legally privileged.If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error,please delete it and all copies from your system and notify the sender immediately by return e-mail.Internet communications cannot be guaranteed to be timely,secure, error or virus-free. The sender does not accept liability for any errors or omissions.


More information about the nginx mailing list