Is there any settings in sysctl that controls the maximum number of connections that are allowed from any one ip address? I'm having connection issues a redis server and a rabbitmq instance and I'd like to eliminate this possible condition before delving deeper into netstat results.
Linux – sysctl setting for maximum connections from ip address
linuxnetworkingsysctltcp
Related Solutions
Have you tried enabling Compound TCP (CTCP) in your Windows 7/8 clients.
Please read:
Increasing Sender-Side Performance for High-BDP Transmission
http://technet.microsoft.com/en-us/magazine/2007.01.cableguy.aspx
...
These algorithms work well for small BDPs and smaller receive window sizes. However, when you have a TCP connection with a large receive window size and a large BDP, such as replicating data between two servers located across a high-speed WAN link with a 100ms round-trip time, these algorithms do not increase the send window fast enough to fully utilize the bandwidth of the connection.
To better utilize the bandwidth of TCP connections in these situations, the Next Generation TCP/IP stack includes Compound TCP (CTCP). CTCP more aggressively increases the send window for connections with large receive window sizes and BDPs. CTCP attempts to maximize throughput on these types of connections by monitoring delay variations and losses. In addition, CTCP ensures that its behavior does not negatively impact other TCP connections.
...
CTCP is enabled by default in computers running Windows Server 2008 and disabled by default in computers running Windows Vista. You can enable CTCP with the
netsh interface tcp set global congestionprovider=ctcp
command. You can disable CTCP with thenetsh interface tcp set global congestionprovider=none
command.
Edit 6/30/2014
to see if CTCP is really "on"
> netsh int tcp show global
i.e.
PO said:
If I understand this correctly, this setting increases the rate at which the congestion window is enlarged rather than the maximum size it can reach
CTCP aggressively increases the send window
http://technet.microsoft.com/en-us/library/bb878127.aspx
Compound TCP
The existing algorithms that prevent a sending TCP peer from overwhelming the network are known as slow start and congestion avoidance. These algorithms increase the amount of segments that the sender can send, known as the send window, when initially sending data on the connection and when recovering from a lost segment. Slow start increases the send window by one full TCP segment for either each acknowledgement segment received (for TCP in Windows XP and Windows Server 2003) or for each segment acknowledged (for TCP in Windows Vista and Windows Server 2008). Congestion avoidance increases the send window by one full TCP segment for each full window of data that is acknowledged.
These algorithms work well for LAN media speeds and smaller TCP window sizes. However, when you have a TCP connection with a large receive window size and a large bandwidth-delay product (high bandwidth and high delay), such as replicating data between two servers located across a high-speed WAN link with a 100 ms round trip time, these algorithms do not increase the send window fast enough to fully utilize the bandwidth of the connection. For example, on a 1 Gigabit per second (Gbps) WAN link with a 100 ms round trip time (RTT), it can take up to an hour for the send window to initially increase to the large window size being advertised by the receiver and to recover when there are lost segments.
To better utilize the bandwidth of TCP connections in these situations, the Next Generation TCP/IP stack includes Compound TCP (CTCP). CTCP more aggressively increases the send window for connections with large receive window sizes and large bandwidth-delay products. CTCP attempts to maximize throughput on these types of connections by monitoring delay variations and losses. CTCP also ensures that its behavior does not negatively impact other TCP connections.
In testing performed internally at Microsoft, large file backup times were reduced by almost half for a 1 Gbps connection with a 50ms RTT. Connections with a larger bandwidth delay product can have even better performance. CTCP and Receive Window Auto-Tuning work together for increased link utilization and can result in substantial performance gains for large bandwidth-delay product connections.
After a lot of investigation and Google searches, I was able to find the root cause and ultimately a fix. After ruling out networking and dns issues, I was only left with the protocol. Since Ping worked and telnet to port 1 did not, I knew it couldn't be a port issue. After testing traffic with both UDP and TCP, it turned out that TCP was the only protocol that was having the issue.
I ran tcpdump
to check the packets that were being exchanged and I noticed right away that only the initial SYN packet was being sent from the client to the server and the ACK was not being returned. Unfortunately, there was no root cause found yet.
By running netstat -s
before and after attempting multiple ssh connects over a few trials, the only value that was off was the "Passive connection rejected because of time stamp". I found this article (in Japanese) that was related to this issue and suggested a relation with tcp_tw_recycle in a NAT environment. The resulting conclusion was to disable tcp_tw_recycle, the consequence being that the number of open TCP connections doubled, we were able to resolve the issue. This ServerFault answer discusses it's ramifications in detail.
Hopefully this answer will prove useful to someone else who ends up dealing with this edge case. Also, does anybody have any additional suggestions / warnings related to this solution?
Best Answer
See discussion at https://stackoverflow.com/questions/410616/increasing-the-maximum-number-of-tcp-ip-connections-in-linux there are sysctl settings given and explained.
See http://fasterdata.es.net/fasterdata/host-tuning/linux/ for some other tunables.