Socket Tuning
For servers which are handling large numbers of concurrent sessions, there are some TCP options that should probably be tweaked.
With a large number of clients communicating with your server it wouldn't be unusual to have 20,000 open sockets or more. To increase the range of ports available, append the following to the bottom of /etc/sysctl.conf:
# Use the full range of ports.
net.ipv4.ip_local_port_range = 1024 65535
You can also speed up the recycling of sockets, so that fewer of them linger in the TIME_WAIT state, by adding these values to /etc/sysctl.conf:
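# Enables fast recycling of TIME_WAIT sockets.
# (Use with caution according to the kernel documentation!)
# Note: this key was removed in Linux 4.12, and it is known to break
# connections from clients behind NAT.
net.ipv4.tcp_tw_recycle = 1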
# Allow reuse of sockets in TIME_WAIT state for new connections
# only when it is safe from the network stack’s perspective.
net.ipv4.tcp_tw_reuse = 1
Finally, one problem you'll find is that if a socket is listening and busy, a connection backlog will pile up. The kernel will keep pending connections in a buffer before failing. You can tweak several values to increase the size of the backlog:
#
# 16MB per socket - which sounds like a lot, but will virtually never
# consume that much.
#
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# Increase the number of outstanding syn requests allowed.
# c.f. The use of syncookies.
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_syncookies = 1
# The maximum number of "backlogged sockets". Default is 128.
net.core.somaxconn = 1024
The trade-off here is that a connecting client will see a slow connection, but this is almost certainly better than a Connection Refused error.
Once you've made those additions you can cause them to be loaded by running:
# sysctl -p
Finally, if you've changed these limits you will need to restart the associated daemons (for example, "service nginx restart").
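To confirm that the kernel is actually using the values listed above after "sysctl -p", the following check compares a sysctl.conf-style file with the entries under /proc/sys. It is an added example, not part of the original page; the function name verify_sysctl and its optional second argument (an alternative root directory, used for testing) are assumptions made for this example.

```shell
#!/bin/sh
# Compare a sysctl.conf-style file with the values the kernel is using.
# Usage: verify_sysctl CONF [PROC_ROOT]   (PROC_ROOT defaults to /proc/sys;
# the second argument is a hypothetical hook so the check can be tested)
# Prints OK, MISMATCH or MISSING for each key; returns 1 if any key is not OK.
verify_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop comments; skip lines that are not "key = value".
        line=${line%%#*}
        case $line in *=*) ;; *) continue ;; esac
        # Split on the first "=", then normalise whitespace on both sides.
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -s ' \t' '  ' | sed 's/^ //; s/ $//')
        # net.ipv4.tcp_tw_reuse -> net/ipv4/tcp_tw_reuse
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # The running kernel has no such key, for example
            # net.ipv4.tcp_tw_recycle on Linux 4.12 and later.
            echo "MISSING  $key"
            rc=1
            continue
        fi
        # /proc separates multi-value entries with tabs (ip_local_port_range).
        have=$(tr -s ' \t' '  ' < "$path" | sed 's/^ //; s/ $//')
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key: running=$have file=$want"
            rc=1
        fi
    done < "$conf"
    return $rc
}
```

After sourcing the function, run "verify_sysctl /etc/sysctl.conf"; a MISSING or MISMATCH line means that setting is not in effect on the running kernel.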