[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SLAPD_LISTEN increase





--On Wednesday, May 04, 2005 11:35 PM -0700 Quanah Gibson-Mount <quanah@stanford.edu> wrote:

I will note that this advisory is from 1996, so I'm not sure how much the
SYN flood issue applies... Given the rather large targets painted on
Stanford's servers, if it were an issue I'm fairly certain we'd have seen
it before.

The ndd parameter listed has also changed names since the advisory was
written.  It is:

tcp_conn_req_max_q

now.


I personally tune my ndd settings already, although my tcp_conn_req_max_q is only 1024. I'm somewhat curious about the adb line, and if that has changed somewhat since then.

Reading Sun's current documentation notes that

tcp_conn_req_max_q

should be less than

tcp_conn_req_max_q0

which is what replaces the adb line in modern Solaris.

See <http://docs.sun.com/app/docs/doc/817-1759/6mhfh76h3?a=view>

It looks like setting:

tcp_conn_req_max_q0 to 10240 may help resolve issues, along with increasing
tcp_conn_req_max_q


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin