Linux Netfilter discussions
* Triple Duplicate Acks
@ 2008-06-19 13:47 A System Admin
  0 siblings, 0 replies; only message in thread
From: A System Admin @ 2008-06-19 13:47 UTC (permalink / raw)
  To: netfilter

Netfilter list,

We are seeing a fair amount of Triple Duplicate Acks between a
webserver that is using the following nat table prerouting redirect
and an application server....

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d <another hosts IP address>  -j REDIRECT
COMMIT

Here are our conntrack TCP parameters:

# for i in `ls /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp*` ; do
echo "$i" && cat $i ; done
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
0
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose
3
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_max_retrans
3
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
10
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
60
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
432000
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
120
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_last_ack
30
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_max_retrans
300
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_recv
60
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_sent
120
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
120
#

Is there anything that can be done from the conntrack perspective to
lessen/eliminate the Triple Duplicate Acks?
