netstat -ntp |grep 80 shows too many ESTABLISHED connection from single IP address. Around 300 of them and it is not an attack and user is using a 2G connection to access Apache. This is the case with other 2G connections also. As a result of this Apache is running out of children.
Earlier it was showing too many close_wait and after enabling
tcp_tw_reuse and tcp_tw-recycle there is not much close_wait but the number of ESTABLISHED connections increased.
We are using Ubuntu 11.04 having 48 GB ram
keepalive On
keepalive timeout 10
max clients 800
max-request-perchild 4000
timeout 300
I have set syn_ack to 1 and syn_retries to 2.
On wifi there is no such issue. Connections are closing properly, but with 2G connections Apache is running out of children and too many ESTABLISHED connection.
also i have tried setting timeout from default 300 to 30,but since our project is image hosting for mobile phones,clients couldn't upload images properly as they are getting frequent time out.Also there were a lot of 408 messages so changed it to the default 300
Best Answer
The fin timeout helps here but reuse and reccyle? Why?
This is just silly. Even with dialup, this should be 3 or less.
Do you know what this does? This might be the default but it is way too high again.
You might try capturing some of the traffic using wireshark to see exactly why the connections are not closing.
Only if the client is very badly broken and you're not bothered about providing a service to them.
It'll certainly handle slow connections much more easily, however you might want to use as a proxy (and you can selectively/transparently route particular subnets via this using iptables)