Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 4 subscribers
  • Views 23948 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Concurrent Connections - what happens when you hit the limit

rav3ndk
Hi all,

I have recently upgraded my Astaro 6.311 to 7.009 and I can see that there is a major reduction on the allowed concurrent connections from 32000 to 1000.

Does anyone knows what happens when you hit the concurrent connections limit ? Will the traffic then just be queued which then for example could result in high ping times / lag when I am gaming ?

Kind regards,
Lars-Heine


This thread was automatically locked due to age.
  • 0 in reply to BarryG
    Seems like dropping ip_conntrack_tcp_timeout_established to a day or so (86400) should help immensely. Could even try going as low as an hour or less for testing.

    The rest of the timeouts seem sane. What types of connections make up the rest of your entries in ip_conntrack?

    I would would lower your max connection count for your P2P apps to 50, you really don't need more than that unless you have a huge amount of bandwidth.
  • 0 in reply to drees
    I lowered it to an hour; didn't make much difference (5-10% at most).

    Most of the established connections are eMule TCP connections.

    I've got 8mbps in, 768k out.

    I've lowered the max connections some more; it doesn't seem to make much difference.

    Thanks,
    Barry
  • 0 in reply to BarryG
    I'll ask again: What types of connections make up the rest of your entries in ip_conntrack? It would be helpful to get a count of each connection type.
    I lowered it to an hour; didn't make much difference (5-10% at most).
    Yeah, I suspected that would happen. It will only cut down on connections that are open and have timed out which don't have any traffic flowing over them.
    Most of the established connections are eMule TCP connections.
    See my first question above. [:)]
    I've lowered the max connections some more; it doesn't seem to make much difference.
    How much more?
  • 0 in reply to drees
    Hmm... after 3 days, the connections have gone down to between 600 and 700.

    I don't know how much of that was from changing the timeout (to 1 hour), and how much from changing the client's max connections (to 150 for both eMule and Azureus).

    Anyways, currently, there are 632 connections:
    1 ICMP
    330 UDP
    301 TCP

    78 connections are outgoing P2P from my PC to external IPs.
    The rest are incoming P2P connections.

    1/3 of the connections are eMule, the rest are BitTorrent.

    Of the 272 incoming TCP connections:
    238 ESTABLISHED
    32 TIME_WAIT
    1 SYN_RECV
    1 CLOSE


    My guess is that remote clients aren't closing their connections.

    Thanks!
    Barry
  • 0 in reply to BarryG
    Do all the established connections on the firewall match up with the established connections you see on your client PC?
  • 0 in reply to drees
    At the moment, windows shows 39 established connections, and ASL shows 137.

    I spot checked a couple of the windows ones on ASL, and yes, there are corresponding entries.

    Thanks,
    Barry
  • 0 in reply to BarryG


    My guess is that remote clients aren't closing their connections.

    Barry


    That's probably what's happening.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Unfiltered HTML