SUMMARY: Cannot telnet out of box with thousands of TIME_WAIT ports

Date: Mon Aug 30 1999 - 19:20:35 CDT

Thank you to Alan Hill who provided an answer which I believe is the answer. I
have included his response below (which includes my original message as well).
I should also mention that I found a "Solaris TCP stack tuning" web site which
mentioned this same recommendation for Web servers. It went on to explain that
by reducing the tcp_close_wait_interval you are effectively reducing the amount
of time the TCP stack has to wait for a resource to become available.

Thanks again Alan,

John Hilger

Close wait interval Modification
> ndd /dev/tcp tcp_close_wait_interval
> ndd -set /dev/tcp tcp_close_wait_interval 30000

The first line is to check what the default was set to. The second will set
it to a better value.
This is a problem when you have m$ tcp/ip stacks talking to a real tcp/ip

I see this problem on HTTP servers and firewalls.

> Sun Managers,
> I have a strange problem which I have seen twice, yet cannot reproduce.
> The only solution I have for the problem is to reboot the system, which
> fixes the problem, but when this application moves into production this
> will not be an acceptable solution; therefore I must understand. I
> checked Sunsolve and found nothing.
> I have an Ultra 10 running Solaris 2.6, fully patched. I am able to
> telnet into the system, but I cannot telnet out. When I attempt to I get
> an error message "unable to register address". I issued a
> "kill -1 <inetd PID>", and still I cannot telnet out. When I look at the
> output of "netstat -a", I see thousands of ports with a status of
> "TIME_WAIT" (38154 to be exact). Very suspicious !!! I believe I might be
> running out of ports. I captured the output of "netstat -a",
> "netstat -av", "netstat -i", "netstat -s", "netstat -k", and
> "sar -A 10 10", hoping that one of these might capture output which would
> explain it later (I can send the output to someone if necessary).
> Can someone tell me 1) what is the limit on ports (or how can I find out
> what my limit is if it is a variable), and 2) what might cause the above
> described error when attempting to telnet out of the box.
> Thanks,
> John Hilger
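
A check for the condition described in this thread, added here as an example and not part of the original posts: it counts the distinct anonymous (ephemeral) local ports held in TIME_WAIT in Solaris-style "netstat -an" output and reports how much of the range they occupy. The 32768-65535 range is an assumption (the usual defaults of the ndd parameters tcp_smallest_anon_port and tcp_largest_anon_port), the function names are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Reads Solaris-style `netstat -an` output on stdin and prints:
#   "<distinct anon ports in TIME_WAIT> <anon ports total> <percent used>"
# Usage: netstat -an | time_wait_anon_usage [low_port] [high_port]
# Assumed default range 32768-65535; confirm on the host with
#   ndd /dev/tcp tcp_smallest_anon_port
#   ndd /dev/tcp tcp_largest_anon_port
time_wait_anon_usage() {
    awk -v lo="${1:-32768}" -v hi="${2:-65535}" '
        $NF == "TIME_WAIT" {
            # Solaris prints addr.port (10.0.0.5.34567): port follows the last dot
            n = split($1, part, ".")
            port = part[n] + 0
            # One local port can appear in several TIME_WAIT entries to
            # different peers; count each port once.
            if (port >= lo && port <= hi && !(port in seen)) {
                seen[port] = 1
                used++
            }
        }
        END {
            total = hi - lo + 1
            printf "%d %d %d\n", used, total, (used * 100) / total
        }'
}

# Constructed sample input (not captured from a real system).
sample_netstat() {
cat <<'EOF'
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.23                 *.*                0      0     0      0 LISTEN
10.0.0.5.32801       10.0.0.9.80           8760      0  8760      0 TIME_WAIT
10.0.0.5.32802       10.0.0.9.80           8760      0  8760      0 TIME_WAIT
10.0.0.5.32802       10.0.0.8.80           8760      0  8760      0 TIME_WAIT
10.0.0.5.80          10.0.0.7.40112        8760      0  8760      0 TIME_WAIT
10.0.0.5.32803       10.0.0.9.80           8760      0  8760      0 ESTABLISHED
EOF
}

# Stand-alone run against the constructed sample.
sample_netstat | time_wait_anon_usage
```

A percentage that stays near 100 while outbound connections fail points at anonymous-port exhaustion rather than a fault in inetd or telnet itself.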

