Followup: SUMMARY: Cannot telnet out of box with thousands of TIME_WAIT ports

From: john.hilger@ac.com
Date: Wed Sep 01 1999 - 11:57:34 CDT


Following my summary of "Cannot telnet out of box with thousands of TIME_WAIT
ports", I received many requests for the Solaris TCP stack tuning website I
mentioned in my Summary. The website follows ...

http://www.rvs.uni-hannover.de/people/voeckler/tune/EN/tune.html

Enjoy,

John

Dave Malhotra <Dave.Malhotra@exodus.net>
09/01/99 01:57 AM GMT

To: John Hilger@Andersen Consulting
cc:
Subject: RE: SUMMARY: Cannot telnet out of box with thousands of TIME_WAIT
      ports

could you give me the address to the "Solaris TCP stack tuning website?

thanks,

dave

> -----Original Message-----
> From: john.hilger@ac.com [SMTP:john.hilger@ac.com]
> Sent: Monday, August 30, 1999 8:21 PM
> To: sun-managers@sunmanagers.ececs.uc.edu
> Subject: SUMMARY: Cannot telnet out of box with thousands of
> TIME_WAIT ports
>
> Thank you to Alan Hill who provided an answer which I believe is the
> answer. I
> have included his response below (which includes my original message as
> well).
> I should also mention that I found a "Solaris TCP stack tuning" web site
> which
> mentioned this same recommendation for Web servers. It went on to explain
> that
> by reducing the tcp_close_wait_interval you are effectively reducing the
> amount
> of time the TCP stack has to wait for a resource to become available.
>
> Thanks again Alan,
>
> John Hilger
>
>
>
> Close wait interval Modification
> > ndd /dev/tcp tcp_close_wait_interval
> 240000
> > ndd -set /dev/tcp tcp_close_wait_interval 30000
>
> The first line is to check what the default was set to. The second will
> set
> to a better value.
> This is a problem when you have m$ tcp/ip stacks talking to a real tcp/ip
> stack.
>
> I see this problem on HTTP servers and firewalls.
>
>
> > -----Original Message-----
> > From: john.hilger@ac.com [SMTP:john.hilger@ac.com]
> > Sent: Tuesday, August 17, 1999 8:39 PM
> > To: sunmanagers.ececs.uc.edu
> > Subject: Cannot telnet out of box with thousands of TIME_WAIT ports
> >
> > Sun Managers,
> >
> > I have a strange problem which I have seen twice, yet cannot
> reproduce.
> > The
> > only solution I have for the problem is to reboot the system, which
> fixes
> > the
> > problem, but when this application moves into production this will not
> be
> > an
> > acceptable solution; therefore I must understand. I checked Sunsolve
> and
> > found
> > nothing.
> >
> > I have an Ultra 10 running Solaris 2.6., fully patched. I am able to
> > telnet
> > into the system, but I cannot telnet out. When I attempt to I get an
> > error
> > message "unable to register address". I issued a "kill -1 <inetd PID>",
> > and
> > still I cannot telnet out. When I look at the output of "netstat -a", I
> > see
> > thousands of ports with a status of "TIME_WAIT" ( 38154 to be exact ).
> > Very
> > suspicious !!! I believe I might be running out of ports. I captured
> the
> > output of "netstat -a", "netstat -av", "netstat -i", "netstat -s",
> > "netstat -k",
> > and "sar -A 10 10", hoping that one of these might capture output which
> > would
> > explain it later ( I can send the output to someone if necessary ).
> >
> > Can someone tell me 1) what is the limit on ports (or how can I find
> > out what
> > my limit is if it is a variable), and 2) what might cause the above
> > described
> > error when attempting to telnet out of the box.
> >
> > Thanks,
> >
> > John Hilger
> >
> > john.hilger@ac.com
> >
> >
>
>
>
>



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:25 CDT