brussell123
asked on
Brand new squid server shows many connections stuck in TIME_WAIT
Hi all!
The title really says it all. I deployed the squid server to a small number of highly used computers yesterday and this morning I checked the server with a netstat -t and saw that several of the computers were still in the TIME_WAIT state. Is there a way that I could clear them or, better yet prevent the connections from getting stuck in this state permanently?
The title really says it all. I deployed the squid server to a small number of highly used computers yesterday and this morning I checked the server with a netstat -t and saw that several of the computers were still in the TIME_WAIT state. Is there a way that I could clear them or, better yet prevent the connections from getting stuck in this state permanently?
Pablo Allietti
do a netstat -np and check the process that hang the connection
sorry netstat -ap
ASKER
All of the ESTABLISHED connections (except my ssh connection) are associated with squid. The TIME_WAIT connections just have a "-" in the PID/Program field.
folow this thred.
http://www.squid-cache.org/mail-archive/squid-users/200304/0903.html
http://www.squid-cache.org/mail-archive/squid-users/200304/0903.html
TIME_WAIT's are half closed connections..., The FIN packet has left your system but the FIN-ACK hasn't been received yet.
so there is no process associated anymore with the socket (hence the - in the PID field).
The problem might be a slow response from a remote system like:
Squid closes the link, your netfilter settings close down a few seconds later but the FIN-ACK hasn't been received yet.
AFTER 60 seconds that socket will get killed too.
Here is a similar reference.
http://www.mail-archive.com/netfilter-devel%40lists.samba.org/msg00644.html
so there is no process associated anymore with the socket (hence the - in the PID field).
The problem might be a slow response from a remote system like:
Squid closes the link, your netfilter settings close down a few seconds later but the FIN-ACK hasn't been received yet.
AFTER 60 seconds that socket will get killed too.
Here is a similar reference.
http://www.mail-archive.com/netfilter-devel%40lists.samba.org/msg00644.html
ASKER
No luck. I have resorted to simply ignoring the TIME_WAIT connections. I have no idea what the max connections of my box is but I really cant think of what else to do except restart the server once a week at night.
I was on holiday since 27-07-2006, and obviously missed the update; if brussel123 want to persue or close I leave it to him
regarding the points there's no real solution only a pointer were to look, and an explanation.
regarding the points there's no real solution only a pointer were to look, and an explanation.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.