From: Lutz Vieweg <lvml@5t9.de>
To: Neal Cardwell <ncardwell@google.com>
Cc: Willy Tarreau <w@1wt.eu>, David Miller <davem@davemloft.net>,
Soheil Hassas Yeganeh <soheil.kdev@gmail.com>,
Netdev <netdev@vger.kernel.org>,
Soheil Hassas Yeganeh <soheil@google.com>,
Eric Dumazet <edumazet@google.com>,
Yuchung Cheng <ycheng@google.com>,
Florian Westphal <fw@strlen.de>
Subject: Re: [PATCH net-next 1/2] tcp: remove per-destination timestamp cache
Date: Thu, 16 Mar 2017 18:30:49 +0100 [thread overview]
Message-ID: <58CACBC9.40900@5t9.de> (raw)
In-Reply-To: <CADVnQy=Bxs-e-KxQsA8nPSfm9fVtogouxCRdgmrR0WyBkMS=Xw@mail.gmail.com>
On 03/16/2017 04:40 PM, Neal Cardwell wrote:
>> I currently wonder: What it the correct advise to an operator who needs
>> to run one server instance that is meant to accept thousands of new,
>> short-lived TCP connections per minute?
>
> Note that for this to be a problem there would have to be thousands of
> new, short-lived TCP connections per minute from a single source IP
> address to a single destination IP address. Normal client software
> should not be doing this. AFAIK this is pretty rare, unless someone is
> running a load test or has an overly-aggressive monitoring system.
Indeed, I meanwhile found that a load/regression test scenario had
been the rationale for the tcp_tw_recycle = 1 setting - when a
recorded log of hundreds of thousands connections (each placing
one or a few requests) was replayed, this failed due to excessive
number of TIME_WAIT state connections.
Do I understand correctly that "tcp_tw_recycle = 1" is fine
in such a scenario as one can be sure both client and server
are at fixed, not-NATed IP addresses?
I wonder whether there might be a possibility to limit the use
of "tcp_tw_recycle = 1" to either a certain address or listen-port range?
If not, I guess our best option at this time is to advise
enabling "tcp_tw_recycle = 1" only while explicitely performing
local load/regression tests, and to disable it otherwise.
(This however means that running both automated continous integration
tests and any services for remote clients on the same system
would not mix well, as the setting could be "right" for only one
of them.)
> (1) use longer connections from the client side
Sure, in cases where that is under our control, we do exactly that.
> (2) have the client do the close(), so the client is the side to carry the
> TIME_WAIT state
In the load/regression test scenario, we are both server and client,
so I guess this would not help.
> (3) have the server use SO_LINGER with a timeout of 0, so that
> the connection is closed with a RST and the server carries no
> TIME_WAIT state
Potentially losing the end of some conversation is not really
an option for most protocols / use cases.
Regards,
Lutz Vieweg
next prev parent reply other threads:[~2017-03-16 17:31 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-15 20:30 [PATCH net-next 1/2] tcp: remove per-destination timestamp cache Soheil Hassas Yeganeh
2017-03-15 20:30 ` [PATCH net-next 2/2] tcp: remove tcp_tw_recycle Soheil Hassas Yeganeh
2017-03-15 22:40 ` [PATCH net-next 1/2] tcp: remove per-destination timestamp cache David Miller
2017-03-15 22:55 ` Willy Tarreau
2017-03-16 11:31 ` Lutz Vieweg
2017-03-16 15:40 ` Neal Cardwell
2017-03-16 16:05 ` Willy Tarreau
2017-03-16 17:30 ` Lutz Vieweg [this message]
2017-03-15 22:57 ` Florian Westphal
2017-03-15 23:45 ` David Miller
2017-03-15 22:59 ` Eric Dumazet
2017-03-15 23:45 ` David Miller
2017-03-16 0:06 ` Eric Dumazet
2017-03-19 7:53 ` Alexander Alemayhu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=58CACBC9.40900@5t9.de \
--to=lvml@5t9.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=soheil.kdev@gmail.com \
--cc=soheil@google.com \
--cc=w@1wt.eu \
--cc=ycheng@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.