Logging in to bogged down system?

Rick Stevens rstevens at vitalstream.com
Sat Apr 1 00:19:35 UTC 2006 

On Fri, 2006-03-31 at 13:59 -0700, karlp at ourldsfamily.com wrote:
> On Tue, March 28, 2006 7:30 pm, Rick Stevens said:
> > On Tue, 2006-03-28 at 17:17 -0800, Harold Hallikainen wrote:
> >> My FC4 system has been running great for months. But today, I headed
> >> for Arkansas and the server is in California. Once I got here to AR, I
> >> noticed that it was serving web pages real slowly. I logged in using
> >> ssh and ran top. I found a TON of httpd processes running, using, at
> >> that time, 86% of the processor time. I figured I'd try to reboot the
> >> system through ssh, but now I can't even get in to it that way. I
> >> connect, but the password is never requested. Instead, I get
> >> "ssh_exchange_identification: read: Connection reset by peer
> >> ". So, anything I can do from a couple thousand miles away?
> >
> > Just keep trying or get someone to hard boot it.  You should also
> > put the following tweaks in your /etc/sysctl.conf file to tweak
> > HTTP session handling:
> >
> > 	net.ipv4.tcp_fin_timeout = 1
> > 	net.ipv4.tcp_max_syn_backlog = 2048
> > 	net.ipv4.tcp_syn_retries = 3
> > 	net.ipv4.tcp_tw_recycle = 1
> > 	net.ipv4.tcp_tw_reuse = 1
> 
> Are these settings 'safe' for RH8.0 and RH9? I guess a better question is,
> are these settings used by 8.0 or 9?

They should be.  Just check /proc/sys/net/ipv4 and verify that the
last bits of the things above exist as filenames, e.g.:

	net.ipv4.tcp_fin_timeout = /proc/sys/net/ipv4/tcp_fin_timeout

If you want to just test them first without making them permanent, then
echo the value to the file, e.g.:

	echo "1" >/proc/sys/net/ipv4/tcp_fin_timeout

Note that they'll revert back to their previous settings if you DON'T
put them in /etc/sysctl.conf.

BTW, they're explained in the kernel's
"Documentation/networking/ip-sysctl.txt" file which is part of the
"kernel-doc" RPM.  It's also found in the various kernel source RPMs.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-   Never test for an error condition you don't know how to handle.  -
----------------------------------------------------------------------

More information about the Redhat-install-list mailing list