high Traffic setup problem, module status don't deliver data

Aleksandar Lazic al-nginx at none.at
Tue Feb 11 11:41:22 UTC 2014

Am 11-02-2014 12:15, schrieb Maxim Dounin:
> Hello!
> On Mon, Feb 10, 2014 at 05:41:47PM +0100, Aleksandar Lazic wrote:
> [...]
>> Every time when I have more then ~400 r/s we get no data from the
>> status-request, this request rate means ~20k Packets/Second.
>> I use netfilter with fail2ban, but not the connection tracking module!
>> I have now seen on the tcpdump that I get a 'RST' Package quite 
>> immediately
>> after a request when the 'no answer from server' cames.
>> I think this could be a kernel-network issue not a nginx issue.
>> The question is:
>> Please can you help me to find the reason for the immediately  'RST' 
>> answer.
> Listen queue overflow?
> On modern Linux'es, it should be possible to check some listen
> queue numbers with "ss -nlt" / "netstat -nlt" (on BSD, detailed
> information is available with "netstat -Lan"), and number of
> overflows happended in past should be in "netstat -s" stats.  To
> tune listen queue size used by nginx, use "backlog" parameter of
> the listen directive.  Note that system limits like
> tcp_max_syn_backlog and somaxconn also require tuning.

root at ns61620:~# ss -nlt|egrep 'Sta|<IP>'
State      Recv-Q Send-Q        Local Address:Port          Peer 
LISTEN     0      128            <IP>:80                       *:*

sysctl -a|egrep 'somaxconn|tcp_max_syn'
net.core.somaxconn = 4069
net.ipv4.tcp_max_syn_backlog = 8192

I have not add "backlog" to the listen directive.

Do you have some suggestions about useful values for that amount of 

> If stateful firewall is used, this also can be a result of "out of
> states" conditions, check your firewall stats.

I don't use connection track module.


More information about the nginx mailing list