## Wednesday, December 17, 2008

### work that terminal award, command of the week

'Tis the season to be jolly, or jolly busy as we are in the waccy world of online retail.
In fact thats 99.99% of the reason i've been so quite recently.

But naturally, at this time of year, our thoughts turn to such questions as "how many MaxClients should I have?" and "are keepalives better or worse for overall performance?" but the question exercising our minds today has been "what *are* all those ip_conntrack entries?".

Rewind a little... a) I turned keepalives off, and reduced MaxClients, things seemed to be more controlled without all those idle processes ready to receive requests with no warning.
b) We'd always had a low but persistent number of "can't connect", or "no html" errors reported by external beacons, and when we applied test loads this went through the roof.

So today, dmesg says.. ip_conntrack: table full, dropping packet.

Which brings me to the point of this post, we increased the size of the table in line with the unverified facts, lies, and dodgy misinformation prevelant on the web ;-)

That helped, but now we want to know whats in the ip_conntrack?

Enter the victor of the command of the week award..

grep ^tcp /proc/net/ip_conntrack | awk '{print \$4}' | sort | uniq -c
Whos output turns a whole mess of gobbledy gook into something like this:

196 CLOSE    14 CLOSE_WAIT 28380 ESTABLISHED    11 FIN_WAIT     3 LAST_ACK   786 SYN_RECV 18101 TIME_WAIT

Knowedge is power, have an award Patrick Schaaf. :-)