|
HP OpenVMS Systems Documentation |
|
HP TCP/IP Services for OpenVMS
|
| Previous | Contents | Index |
The socket subsystem attributes control the maximum number of pending connection attempts per server socket (that is, the maximum depth of the listen or SYN queue) and other behavior. You may be able to improve server performance by modifying the socket subsystem attributes described in Table 2-2.
| Attribute | Description |
|---|---|
| somaxconn | Controls the maximum number of pending TCP connections. |
| sominconn | Controls the minimum number of pending TCP connections. |
| sb_max | Controls the maximum size of a socket buffer. |
In addition, the
socket
subsystem attributes
sobacklog_hiwat
,
sobacklog_drops
, and
somaxconn_drops
track events related to socket listen queues. By monitoring these
attributes, you can determine whether the queues are overflowing.
2.1.5.1 Increasing the Maximum Number of Pending TCP Connections
The socket subsystem attribute somaxconn specifies the maximum number of pending TCP connections (the socket listen queue limit) for each server socket (for example, for the HTTP server socket). Busy servers often experience large numbers of pending connections. If the listen queue connection limit is too small, incoming connection requests may be dropped. Pending TCP connections can be caused by lost packets in the internet or denial of service (DOS) attacks.
The default value for somaxconn is 1024.
HP recommends increasing the
somaxconn
attribute to the maximum value, except on low-memory systems. The
maximum value is 65535. Specifying a value that is higher than the
maximum value can cause unpredictable behavior.
2.1.5.2 Increasing the Minimum Number of Pending TCP Connections
The socket subsystem attribute sominconn specifies the minimum number of pending TCP connections (backlog) for each server socket. This attribute controls how many SYN packets can be handled simultaneously before additional requests are discarded. Network performance can degrade if a client saturates a socket listen queue with erroneous TCP SYN packets, effectively blocking other users from the queue.
The value of the sominconn attribute overrides the application-specific backlog value, which may be set too low for some server software. If you do not have your application source code, you can use the sominconn attribute to set a sufficient pending-connection quota.
The default value is 0.
HP recommends increasing the value of the
sominconn
attribute to the maximum value of 65535. The value of the
sominconn
attribute should be the same as the value of the
somaxconn
attribute (see Section 2.1.5.1).
2.1.5.3 Increasing the Maximum Size of a Socket Buffer
The socket subsystem attribute sb_max specifies the maximum size of a socket buffer.
Performance Benefits and Tradeoffs
Increasing the maximum size of a socket buffer may improve performance if your applications can benefit from a large buffer size.
You can modify the sb_max attribute without rebooting the system.
When to Tune
If you require a large socket buffer, increase the maximum socket buffer size.
Recommended Values
The default value of the
sb_max
attribute is 128 KB. Increase this value before you increase the size
of the transmit and receive socket buffers.
2.1.6 Modifying Internet Subsystem Attributes
You may be able to improve inet subsystem performance by modifying the attributes described in Table 2-3.
| Attribute | Description |
|---|---|
| tcbhashsize | Controls the size of a TCP hash table. |
| tcbhashnum | Specifies the number of TCP hash tables. |
| inifaddr_hsize | Controls the size of the kernel interface alias table. |
| tcp_keepinit | Specifies the TCP partial connection timeout rate. |
| tcp_rexmit_interval_min | Specifies the rate of TCP retransmissions. |
| tcp_keepalive_default | Enables or disables the TCP keepalive function. |
| tcp_msl | Specifies the TCP connection context timeout rate. |
| tcp_nodelack | Delays acknowledgment messages after the receipt of network frames. |
| ipport_userreserved | Specifies the maximum value for the range of outgoing connection ports. |
| ipport_userreserved_min | Specifies the minimum value for the range of outgoing connection ports. |
| pmtu_enabled | Enables or disables use of the PMTU protocol. |
| ipqmaxlen | Prevents dropped input packets. |
You can modify the size of the hash table that the kernel uses to look up Transmission Control Protocol (TCP) control blocks. The inet subsystem attribute tcbhashsize specifies the number of hash buckets in the kernel TCP connection table (the number of buckets in the inpcb hash table).
Performance Benefits and Tradeoffs
The kernel must look up the connection block for every TCP packet it receives, so increasing the size of the table can speed the search and improve performance. This results in a small increase in pooled memory.
You can modify the tcbhashsize attribute without rebooting the system.
When to Tune
Increase the number of hash buckets in the kernel TCP connection table if you have an Internet server.
Recommended Values
The default value of the
tcbhashsize
attribute is 512. For Internet servers, set the
tcbhashsize
attribute to 16384.
2.1.6.2 Increasing the Number of TCP Hash Tables
You can increase the number of hash tables the kernel uses to look up TCP control blocks. Because the kernel must look up the connection block for every Transmission Control Protocol (TCP) packet it receives, a bottleneck may occur at the TCP hash table in SMP systems. Increasing the number of tables distributes the load and may improve performance. The inet subsystem attribute tcbhashnum specifies the number of TCP hash tables.
Performance Benefits and Tradeoffs
For SMP systems, you may be able to reduce hash table lock contention by increasing the number of hash tables that the kernel uses to look up TCP control blocks. This will slightly increase pooled memory.
You cannot modify the tcbhashnum attribute without rebooting the system.
When to Tune
Increase the number of TCP hash tables if you have an SMP system that is an Internet server.
Recommended Values
The minimum value of the
tcbhashnum
attribute is 1 (the default). The maximum value is 64. For busy server
SMP systems, you can increase the value of the
tcbhashnum
attribute to 16. If you increase this attribute, you should also
increase the size of the hash table by a similar factor. See
Section 2.1.6.1 for more information.
2.1.6.3 Increasing the Size of the Kernel Interface Alias Table
The inet subsystem attribute inifaddr_hsize specifies the number of hash buckets in the kernel interface alias table ( in_ifaddr ).
If a system is used as a server for many different server domain names, each of which is bound to a unique IP address, the code that matches arriving packets to the right server address uses the hash table to speed lookup operations for the IP addresses.
Performance Benefits and Tradeoffs
Increasing the number of hash buckets in the table can improve performance on systems that use large numbers of aliases.
When to Tune
Increase the number of hash buckets in the kernel interface alias table if your system uses large numbers of aliases.
You can modify the inifaddr_hsize attribute without rebooting the system.
Recommended Values
The default value of the inet subsystem attribute inifaddr_hsize is 32; the maximum value is 512.
For the best performance, the value of the
inifaddr_hsize
attribute is always rounded down to the nearest power of 2. If you are
using more than 500 interface IP aliases, specify the maximum value of
512. If you are using fewer than 250 aliases, use the default value of
32. For a number of aliases between 250 and 500, use a value that is a
power of 2 between 32 and 512.
2.1.6.4 Increasing the TCP Partial Connection Timeout Rate
If increasing the somaxconn limit does not prevent the listen queue from filling, or if the default grows to an excessive length, you can make partial connections time out sooner by decreasing the value of the inet subsystem attribute tcp_keepinit .
The tcp_keepinit attribute specifies the amount of time that a partial connection remains on the socket listen queue before it times out. Partial connections consume socket listen queue slots and fill the queue with connections in the SYN_RCVD state.
Performance Benefits and Tradeoffs
Network performance can degrade if a client overfills a socket listen queue with TCP SYN packets, thereby blocking other users from the queue. To eliminate this problem, increase the value of the sominconn attribute to its maximum value. If the system continues to drop SYN packets, decrease the value of the tcp_keepinit attribute to 30 (15 seconds). Monitor the values of the sobacklog_drops and somaxconn_drops attributes to determine whether the system is dropping packets. (See Section 2.1.7 for more information about event counters.)
You can modify the tcp_keepinit attribute without rebooting the system.
When to Tune
Modify the TCP partial-connection timeout limit if the value of the somaxconn_drops attribute increases often. If this occurs, decrease the value of the tcp_keepinit attribute.
Recommended Values
The value of the tcp_keepinit attribute is in units of 0.5 seconds. The default value is 150 units (75 seconds). If the value of the sominconn attribute is 65535, use the default value of the tcp_keepinit attribute.
If you set the value of the
tcp_keepinit
attribute too low, you may prematurely break connections associated
with clients on network paths that are slow or network paths that lose
many packets. Do not set the value to less than 20 units (10 seconds).
2.1.6.5 Slowing TCP Retransmission Rate
The inet subsystem attribute tcp_rexmit_interval_min specifies the minimum amount of time before the first TCP retransmission.
Performance Benefits and Tradeoffs
You can increase the value of the tcp_rexmit_interval_min attribute to slow the rate of TCP retransmissions, which decreases congestion and improves performance.
You can modify the tcp_rexmit_interval_min attribute without rebooting the system.
When to Tune
Not every connection needs a long retransmission time. Usually, the default value is adequate. However, for some wide area networks (WANs), the default retransmission interval may be too small, causing premature retransmission timeouts. This may lead to duplicate transmission of packets and the erroneous invocation of the TCP congestion-control algorithms.
To check for retransmissions, use the netstat -p tcp command and examine the output for data packets retransmitted.
Recommended Values
The tcp_rexmit_interval_min attribute is specified in units of 0.5 second. The default value is 2 units (1 second).
Do not specify a value that is less than 1 unit. Do not change the
attribute unless you fully understand TCP algorithms and your network
topology.
2.1.6.6 Enabling the TCP Keepalive Function
The keepalive function enables the periodic transmission of messages on a connected socket in order to keep connections active. Sockets that do not exit cleanly are cleaned up when the keepalive interval expires. If keepalive is not enabled, those sockets continue to exist until you reboot the system.
Applications enable keepalive for sockets by setting the setsockopt function's SO_KEEPALIVE option. To override programs that do not set keepalive , or if you do not have access to the application sources, use the inet subsystem attribute tcp_keepalive_default to enable keepalive functionality.
Performance Benefit
Keepalive functionality cleans up sockets that do not exit cleanly when the keepalive interval expires.
You can modify the tcp_keepalive_default attribute without rebooting the system. However, sockets that already exist will continue to use old behavior, until the applications are restarted.
When to Tune
Enable keepalive if you require this functionality, and you do not have access to the source code.
Recommended Values
To override programs that do not set keepalive, or if you do not have access to application source code, set the inet subsystem attribute tcp_keepalive_default to 1 in order to enable keepalive for all sockets.
If you enable keepalive, you can also configure the TCP options listed in Table 2-4 for each socket.
| Option | Description |
|---|---|
| tcp_keepidle | Specifies the amount of idle time, in seconds, before sending a keepalive probe. The default interval is two hours. |
| tcp_keepintvl | Specifies the amount of time, in seconds, between retransmission of keepalive probes. The default interval is 75 seconds. |
| tcp_keepcnt | Specifies the maximum number of keepalive probes that are sent before the connection is dropped. The default is 8 probes. |
| tcp_keepinit | Specifies the maximum amount of time, in seconds, before an initial connection attempt times out. The default is 75 seconds. |
The TCP protocol includes a concept known as the Maximum Segment Lifetime (MSL). When a TCP connection enters the TIME_WAIT state, it must remain in this state for twice the value of the MSL; otherwise, undetected data errors on future connections can occur. The inet subsystem attribute tcp_msl determines the maximum lifetime of a TCP segment and the timeout value for the TIME_WAIT state.
In some situations, the default timeout value for the TIME_WAIT state (60 seconds) is too large, thereby reducing the value of the tcp_msl attribute frees connection resources sooner than the default setting.
Performance Benefits and Tradeoffs
You can decrease the value of the tcp_msl attribute to make the TCP connection context time out more quickly at the end of a connection. However, this will increase the chance of data corruption.
You can modify the tcp_msl attribute without rebooting the system.
When to Tune
Usually, you do not have to modify the timeout limit for the TCP connection context.
Recommended Values
The value of the tcp_msl attribute is set in units of 0.5 second. The default value is 60 units (30 seconds), which means that the TCP connection remains in TIME_WAIT state for 60 seconds, or twice the value of the MSL.
Do not reduce the value of the
tcp_msl
attribute unless you fully understand the design and behavior of your
network and the TCP protocol. It is strongly recommended that you use
the default value; otherwise, there is the potential for data
corruption.
2.1.6.8 Disabling Delayed Acknowledgment
The TCP/IP software can send an acknowledgment packet for every frame received over the network. However, this is an inefficient mode of operation. The tcp_nodelack attribute controls the delay of acknowledgment messages.
When this attribute is set to 0 (the default), network traffic is
greatly reduced. If you set this attribute to 1, an acknowledgment
message is sent for every frame received, increasing network traffic
and impacting the performance of the network server.
2.1.6.9 Modifying the Range of Outgoing Connection Ports
When a TCP or UDP application creates an outgoing connection, the kernel dynamically allocates a nonreserved port number for each connection. The kernel selects the port number from a range of values between the value of the inet subsystem attribute ipport_userreserved_min and the value of the ipport_userreserved attribute. Using the default values for these attributes, the range of outgoing ports starts at 49152 and stops at 65535.
Performance Benefits and Tradeoffs
Modifying the range of outgoing connections provides TCP and UDP applications with a specific range of ports.
You can modify the ipport_userreserved_min and ipport_userreserved attributes without rebooting the system.
When to Tune
If your system requires outgoing ports from a particular range, you can modify the values of the ipport_userreserved_min and ipport_userreserved attributes.
Recommended Values
The default value of the ipport_userreserved_min attribute is 49152. The default value of the ipport_userreserved is 65535. The maximum value of each attribute is 65535.
Do not reduce the
ipport_userreserved
attribute to a value that is less than 65535, and do not reduce the
ipport_userreserved_min
attribute to a value that is less than 49152.
2.1.6.10 Disabling Use of the PMTU Protocol
Packets transmitted between servers are fragmented into units of a specific size in order to ease transmission of the data over routers and small-packet networks, such as Ethernet networks. When the inet subsystem attribute pmtu_enabled is enabled (set to 1, which is the default behavior), the system determines the largest common path maximum transmission unit (PMTU) value between servers and uses it as the unit size. The system also creates a routing table entry for each client network that attempts to connect to the server.
Performance Benefits and Tradeoffs
If a server handles traffic among many remote clients, disabling the use of a PMTU can decrease the size of the kernel routing table, which improves server efficiency. However, on a server that handles local traffic and some remote traffic, disabling the use of a PMTU can degrade bandwidth.
When to Tune
If an Internet server has poor performance and the routing table increases to more than 1000 entries, you should disable the use of PMTU. This is also recommended if you have a server that handles traffic among many remote clients.
Recommended Values
To disable the use of PMTU protocol, set the value of the pmtu_enabled attribute to 0.
| Previous | Next | Contents | Index |