From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andy Furniss <andyqos@ukfsn.org>
Date: Thu, 14 Feb 2013 09:55:31 +0000
Subject: Re: TCP/IP stack overloaded?
Message-Id: <511CB493.4040204@ukfsn.org>
List-Id: <lartc.vger.kernel.org>
References: <CAAFQuU1=t56pC-=Quzn3+MN7UhopAOp_kYE3fdNwpQDQbc=YUg@mail.gmail.com>
In-Reply-To: <CAAFQuU1=t56pC-=Quzn3+MN7UhopAOp_kYE3fdNwpQDQbc=YUg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Ari Heitner wrote:
> On Mon, Feb 11, 2013 at 7:11 PM, Erik Auerswald
> <auerswal@unix-ag.uni-kl.de> wrote:
>> Hi Ari,
>>
>>
>> On 02/12/2013 12:54 AM, Ari Heitner wrote:
>>> Symptom: seemingly randomly, up to a few times a day, the network
>>> connection just chokes for about 30 seconds.
>>
>> Just an idea: check the number of currently active NAT sessions. Maybe this
>> hits a limit, some older sessions time out and everything works again.
>
> Have been running netstat-nat -n to take a look at things, both during
> normal operations and during the chokes - below is for normal
> operations
>      camelot:~# netstat-nat -n | wc -l
>      374
>      camelot:~# netstat-nat -n | grep tcp | wc -l
>      269
>      camelot:~# netstat-nat -n | grep ESTABLISHED | wc -l
>      115

Doesn't seem very high, maybe you should check any traffic shaping rules 
you have and think about where arp is going - if you use htb default xx 
that will catch arp unless you have set up filters with "protocol arp" 
to make it go elsewhere.