All,

Any help will be greatly appreciated.

The issue is that the device needs to handle a large number of TCP connections. To do this, we set the IPF TCP state timeout value to a small number to avoid
keeping many dead states for a long time. We can set the IPF TCP
state timeout values by editing /etc/system or by using the command ipf -T. I verified
the new values with ipf -T list and ipfstat -t (ttl).
However, I found that even with a small timeout value, IPF keeps some
half-closed TCP states for a very long time.  Is this a bug in IPF, or did I
not set the IPF TCP timeout correctly?  This is the Solaris 10 11/06 release.

1) set tcp timeout values in /etc/system and verify by ipf -T

# ipf -T list | grep tcp
fr_tcpidletimeout min 0x1 max 0x7fffffff current 864000
fr_tcpclosewait min 0x1 max 0x7fffffff current 40
fr_tcplastack min 0x1 max 0x7fffffff current 50
fr_tcptimeout min 0x1 max 0x7fffffff current 60
fr_tcpclosed min 0x1 max 0x7fffffff current 30
fr_tcphalfclosed min 0x1 max 0x7fffffff current 30

2) create a half closed state (ST 7/11)

# ipfstat -sl
IBCF-linux1 -> hostname pass 0x40008502 pr 6 state 7/11 bkt 19433
tag 0 ttl 60
54798 -> 23 9e255c76:f124aab 5840<<0:49232<<0
cmsk 0000 smsk 0000 isc 0 s0 9e255bdf/0f1249a4
FWD:ISN inc 0 sumd 0
REV:ISN inc 0 sumd 0
forward: pkts in 70 bytes in 3798 pkts out 0 bytes out 0
backward: pkts in 0 bytes in 0 pkts out 52 bytes out 2978
pass in quick keep state IPv4
pkt_flags & 0(10000) = 1000, pkt_options & ffffffff = 0, ffffffff = 0 pkt_security & ffff = 0, pkt_auth & ffff = 0
is_flx 0x1 0 0 0x1
interfaces: in bge0[bge0],-[] out -[],bge0[bge0]

3) This TCP state has been in the half-closed state for more than 10 hours,
although its timeout value is 30 sec (halfclosed)!  The problem can be
reproduced consistently.

The system info is:
# uname -a
SunOS hostname 5.10 Generic_118833-36 sun4u sparc SUNW,Sun-Fire-V240

# more /etc/release
Solaris 10 11/06 s10s_u3wos_10 SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 14 November 2006

thanks
Prameet
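
Added example, not part of the original message and not IPF project code: a small Python check that parses the `ipf -T list` and `ipfstat -sl` output shown above and reports, for each TCP state entry, whether its printed ttl exceeds the tunable the poster expected to apply (fr_tcphalfclosed) and which tunables carry the same number. The sample text is constructed from the output in the message; treating the printed ttl and the tunable values as directly comparable numbers is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample input, copied from the command output quoted in the message.
TUNABLES = """\
fr_tcpidletimeout min 0x1 max 0x7fffffff current 864000
fr_tcpclosewait min 0x1 max 0x7fffffff current 40
fr_tcplastack min 0x1 max 0x7fffffff current 50
fr_tcptimeout min 0x1 max 0x7fffffff current 60
fr_tcpclosed min 0x1 max 0x7fffffff current 30
fr_tcphalfclosed min 0x1 max 0x7fffffff current 30
"""
STATES = """\
IBCF-linux1 -> hostname pass 0x40008502 pr 6 state 7/11 bkt 19433
tag 0 ttl 60
"""

def parse_tunables(text):
    """Map tunable name -> current value from `ipf -T list` output."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"(\S+) min \S+ max \S+ current (\d+)\s*$", line.strip())
        if m:
            out[m[1]] = int(m[2])
    return out

def parse_states(text):
    """Return one dict per state entry from `ipfstat -sl` output."""
    entries, cur = [], None
    for line in text.splitlines():
        hdr = re.search(r"\bpr (\d+) state (\d+)/(\d+)", line)
        ttl = re.search(r"\bttl (\d+)", line)
        if hdr:  # first line of a new state entry
            cur = {"proto": int(hdr[1]),
                   "state": (int(hdr[2]), int(hdr[3])), "ttl": None}
            entries.append(cur)
        elif ttl and cur is not None and cur["ttl"] is None:
            cur["ttl"] = int(ttl[1])
    return entries

def audit(tunables_text, states_text, expected="fr_tcphalfclosed"):
    """Compare each TCP entry's printed ttl with the expected tunable."""
    tun = parse_tunables(tunables_text)
    report = []
    for e in parse_states(states_text):
        if e["proto"] != 6 or e["ttl"] is None:  # TCP entries only
            continue
        same = sorted(n for n, v in tun.items() if v == e["ttl"])
        report.append({**e, "equal_to": same,
                       "exceeds_expected": e["ttl"] > tun[expected]})
    return report
```

The check compares printed numbers only; it does not establish which timeout IPF actually applied to the entry.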


_______________________________________________
networking-discuss mailing list