Yeah but what to do when you have a very loaded squid server with more
than 15000 req/min ...you will notice in /var/log/messages that kernel
is sending syn cookies and slowing down requests coming to port 3128 !
On Sat, Apr 23, 2011 at 7:51 PM, Jim Binder <jbinder_at_cyphort.com> wrote:
> syn cookies are a feature of the tcp stack to delay setting up full tcp state to avoid resource starvation and to avoid syn floods (lots of syns never completed freezing out good new connections.)
>
> James S. Binder
>
> 408.761.1403 (cell)
>
>
>
>
> On Apr 23, 2011, at 9:02 AM, Marcus Kool <marcus.kool_at_urlfilterdb.com> wrote:
>
>> When a TCP connection is established, TCP SYN packets are exchanged.
>> Blocking SYN packets is the same as blocking all TCP traffic.
>>
>>
>> Andreas Braathen wrote:
>>> I tried it, but it did not change anything. Squid still sends SYN packets to establish state with destination.
>>> Any other suggestions?
>>>> edit /etc/sysctl.conf
>>>> change net.ipv4.tcp_syncookies=1 to net.ipv4.tcp_syncookies=0 and
>>>> reboot. dont forget to remove the # from the beginning of the line.
>>>>
>>>> On Sat, Apr 23, 2011 at 5:39 PM, Andreas Braathen
>>>> <andreas.braathen_at_andtux.net> wrote:
>>>>> Squid is sending SYN packets to destination when receiving GET request from internals hosts. I want Squid to forward the GET request. How is this possible?
>>>>>
>
Received on Sat Apr 23 2011 - 16:54:03 MDT
This archive was generated by hypermail 2.2.0 : Sat Apr 23 2011 - 12:00:04 MDT