Nginx setting up >25.000 concurrent connections per second

Bradley Falzon brad at teambrad.net
Fri Oct 7 00:09:15 UTC 2011


On Fri, Oct 7, 2011 at 5:00 AM, atadmin <nginx-forum at nginx.us> wrote:

>
> # Turn on syncookies for SYN flood attack protection
> net.ipv4.tcp_syncookies = 0
>

I've never tested the performance benefit (and the costs) of having sync
cookies enabled or not, but that command there suggests you have turned sync
cookies off (you probably want it enabled - again it comes at a cost I
haven't personally investigated).

Also, you have mentioned the state of iptables connection tracking yet. That
could be a problem if you believe the bottleneck is the server and haven't
checked that already. You probably want to disable nf_conntrack and rewrite
your iptables rules (or just disable firewalling completely).

-- 
Bradley Falzon
brad at teambrad.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20111007/6f271749/attachment.html>


More information about the nginx mailing list