Re: [squid-users] netstat listings shows SYN_RECV all the time

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 16 Jul 2003 19:47:38 +0200

On Wed 2003-07-16 at 18:33, ronny wrote:
> Peace to all,
> Now I made this netstat -n command on my caching server and got many
> SYN_RECV messages on port 3128 from most of our customer IPs, yet
> others have connection ESTABLISHED. How can I stop this? Is there a
> problem in our squid response to some requests?

This most likely indicates that there is some connection between Squid
and your customers which is overloaded or performing badly. For example,
if you have a lot of modem or other slow-link users, in which case it is
quite normal, as the customers' modems are quite often busy transferring
data to the customer, causing delays on new connections.

TCP packet/state diagram:

   SYN -> SYN_RECV -> SYN+ACK
   ACK -> ESTABLISHED

From the above you can see that if it takes a long time to deliver the
SYN+ACK packet to the client, or long for the client to deliver the ACK
packet back, then you will have many visible sockets in SYN_RECV state.

Configuring RAS servers, routers etc to not use a too large queue on
slow links helps in reducing this delay, but comes at a price in TCP
efficiency.

Having sockets in SYN_RECV state is usually no problem for modern
operating systems, but you may want to enable SYN flood protection
mechanisms such as SYNCOOKIES to be on the safe side in case there is a
sudden surge of SYN_RECV sockets. If not, new connections cannot be made
if the TCP backlog gets full with SYN_RECV sockets.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions are only answered
for a fee or as part of a commercial Squid support contract.
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Wed Jul 16 2003 - 11:47:52 MDT
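
An added example, not part of the original message: one way to quantify what the reply describes, by counting socket states on the Squid port from `netstat -n` output and checking whether SYN cookies are enabled. It assumes the Linux `netstat -n` column layout; the sample lines are constructed, and the `backlog` value of 128 is an assumed queue size to be replaced with the host's real setting.

```python
"""Summarise TCP states on one local port from `netstat -n` output."""
import re
from collections import Counter

# Constructed sample (documentation address ranges), Linux netstat layout.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:3128         198.51.100.7:41022      SYN_RECV
tcp        0      0 192.0.2.10:3128         198.51.100.7:41023      SYN_RECV
tcp        0      0 192.0.2.10:3128         198.51.100.9:50110      SYN_RECV
tcp        0      0 192.0.2.10:3128         203.0.113.4:33812       ESTABLISHED
tcp        0      0 192.0.2.10:3128         203.0.113.5:33900       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.4:51000       ESTABLISHED
"""

# proto, recv-q, send-q, local addr:port, foreign addr:port, state
LINE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\S+)\s*$")

def summarise(netstat_text, port=3128, backlog=128):
    """Count states on `port` and half-open (SYN_RECV) sockets per peer.
    `backlog` is an assumed SYN queue size, used only for the fill ratio."""
    states, half_open = Counter(), Counter()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m or int(m.group(2)) != port:
            continue  # header line, other protocol, or another local port
        peer, state = m.group(3), m.group(5)
        states[state] += 1
        if state == "SYN_RECV":
            half_open[peer] += 1
    return {
        "states": dict(states),
        # Many peers with one or two entries each fits slow links;
        # the ratio shows how close the queue is to being full.
        "half_open_by_peer": half_open.most_common(),
        "backlog_fill": states["SYN_RECV"] / backlog,
    }

def syncookies_enabled(path="/proc/sys/net/ipv4/tcp_syncookies"):
    """True/False from the Linux sysctl file, None if it cannot be read."""
    try:
        with open(path) as fh:
            return fh.read().strip() != "0"
    except OSError:
        return None

if __name__ == "__main__":
    print(summarise(SAMPLE))
    print("syncookies enabled:", syncookies_enabled())
```
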
