FIN_WAIT_2 connections on HP system

Hello!

I have compiled/installed Squid 2.1.Patch2 on a Hewlett-Packard D220
system running HP-UX 10.20 without problem. Compilation was error-free
using HP's own C/ANSI compiler. Installation was smooth as well.

Although Squid works well for us satisfying our proxying needs, a rather
serious problem exists. A lot (I mean a lot!) of network connections
between the proxy server and the browser clients remain in FIN_WAIT_2
state instead of being terminated.

All clients systems are using either Netscape Navigator 4.x or Internet
Explorer 4.x under Windows NT 4.0SP3 and are behind a firewall. The
firewall itself is implemented on a CISCO 2500 router running IOS 10.3.
The proxy server is outside of the firewall.

As I write this, Squid is up for a day and a half and there are
currently more than 800 network connections in FIN_WAIT_2 state:

amanda //>w
 10:06am up 1 day, 13:32, 1 user, load average: 0.06, 0.02, 0.03
User tty login@ idle JCPU PCPU what
root ttyp2 9:17am w
amanda //>
amanda //>netstat | grep FIN_WAIT_2 | wc -l
819

Shutting down Squid does not help in removing these FIN_WAIT_2
connections; a server reboot is required, so we reboot the system every
few days.

I have used the nettune command to lower the default values of
tcp_keepstart, tcp_keepstop and tcp_keepfreq HP-UX network parameters
to no avail. I have also modified some of the Squid timeout parameters
without much luck as well.

Timeout-related Squid parameters are included at the end of this mail.

Has anyone else encountered and hopefully solved a similar problem? Can
anyone provide pointers on what to look for? If you need more
information on our setup is required to help me, please let me know and
I would gladly provide them.

Thank you in advance,

Panayiotis

Panayiotis Kassapidis
e-mail: kassapidis@xanthi.cc.duth.gr

 P.S. Timeout-related parameters from squid.conf

# TIMEOUTS
#
------------------------------------------------------------------------=

-----

# TAG: connect_timeout time-units
# Some systems (notably Linux) can not be relied upon to properly
# time out connect(2) requests. Therefore the Squid process
# enforces its own timeout on server connections. This parameter
# specifies how long to wait for the connect to complete. The
# default is two minutes (120 seconds).
#
connect_timeout 120 seconds

# TAG: siteselect_timeout time-units
# For URN to multiple URL's URL selection
#
#siteselect_timeout 4 seconds

# TAG: read_timeout time-units
# The read_timeout is applied on server-side connections. After
# each successful read(), the timeout will be extended by this
# amount. If no data is read again after this amount of time,
# the request is aborted and logged with ERR_READ_TIMEOUT. The
# default is 15 minutes.
#
read_timeout 15 minutes

# TAG: request_timeout
# How long to wait for an HTTP request after connection
# establishment. For persistent connections, wait this long
# after the previous request completes.
#
request_timeout 30 seconds

# TAG: client_lifetime time-units
# The maximum amount of time that a client (browser) is allowed to
# remain connected to the cache process. This protects the Cache
# from having alot of sockets (and hence file descriptors) tied up
# in a CLOSE_WAIT state from remote clients that go away without
# properly shutting down (either because of a network failure or
# because of a poor client implementation). The default is one
# day, 1440 minutes.
#
# NOTE: The default value is intended to be much larger than any
# client would ever need to be connected to your cache. You
# should probably change client_lifetime only as a last resort.
# If you seem to have many client connections tying up
# filedescriptors, we recommend first tuning the read_timeout,
# request_timeout, pconn_timeout and quick_abort values.
#
client_lifetime 6 hours

# TAG: half_closed_clients
# Some clients may shutdown the sending side of their TCP
# connections, while leaving their receiving sides open.
Sometimes,
# Squid can not tell the difference between a half-closed and a
# fully-closed TCP connection. By default, half-closed client
# connections are kept open until a read(2) or write(2) on the
# socket returns an error. Change this option to 'off' and Squid
# will immediately close client connections when read(2) returns
# "no more data to read."
#
half_closed_clients off

# TAG: pconn_timeout
# Timeout for idle persistent connections to servers and other
# proxies.
#pconn_timeout 120 seconds
Received on Wed Feb 03 1999 - 09:26:15 MST