[CentOS] TIME_WAITs...

Mon Mar 2 15:07:45 UTC 2009
John Doe <jdmls at yahoo.com>

> > If I make 10000 rapid connections/selects/deconnections to mysql on this 
> > server, I get like 1 TW after around 3000, another TW around 6000 and another TW 
> > around 9000...  That makes 3 TWs only.  And they last 60 seconds...
> In your testing is the source IP the same for all with just different 
> source port?  Or are you varying your source IP as well?  I don't know 
> what spoofing smarts are in the kernel to detect SYN/ACK attacks. 

The source was the same on both servers (the one with thousands of TWs and the one with 3 TWs).

> Are you running Shorewall or any similar tool that will detect SYN/ACK 
> attacks and might be seeing this 'test' as an attack to limit?

No shorewall and no iptables rules.

> > When I googled for it, many people were pointing to the tcp_fin_timeout value 
> ...  Is it really related to TWs?
> Well, yes.  How long do you let a TW sit around waiting for a proper FIN 
> or even a RST?  Read the TCP RFC as to why there is a TW in the state 
> machine.  Boy has it been years since I cracked that one open...

I read about the connection handshake but I do not really see why setting the FIN_WAIT timeout would also set the TIME_WAIT timeout to the same value...  And I tried to set it at 30s and TWs did still last 60s.