If I make 10000 rapid connections/selects/disconnections to mysql on this server, I get like 1 TW after around 3000, another TW around 6000 and another TW around 9000... That makes 3 TWs only. And they last 60 seconds...
In your testing is the source IP the same for all with just different source port? Or are you varying your source IP as well? I don't know what spoofing smarts are in the kernel to detect SYN/ACK attacks.
The source was the same on both servers (the one with thousands of TWs and the one with 3 TWs).
Are you running Shorewall or any similar tool that will detect SYN/ACK attacks and might be seeing this 'test' as an attack to limit?
No shorewall and no iptables rules.
When I googled for it, many people were pointing to the tcp_fin_timeout value... Is it really related to TWs?
Well, yes. How long do you let a TW sit around waiting for a proper FIN or even a RST? Read the TCP RFC as to why there is a TW in the state machine. Boy has it been years since I cracked that one open...
I read about the connection handshake but I do not really see why setting the FIN_WAIT timeout would also set the TIME_WAIT timeout to the same value... And I tried to set it to 30s and TWs still lasted 60s.
Thx, JD