On Fri, 22 Oct 2010, Joerg Sonnenberger wrote:
On Fri, Oct 22, 2010 at 11:01:03PM +0200, Manuel Bouyer wrote:Did you check if squid is hitting some ressource limit, maybe file descriptors ?Or sockets in time wait state.
Tuan (my co-worked) will correct me if I'm wrong, but it's proving to be an ipfilter problem. With ipfilter disabled, there are literally zero errors (we did up file descriptors to 8192 BTW).
On a related issue, we are also seeing very slow rsync transfers under some circumstances. Again these are fixed by disabling ipfilter.
The ipf.conf files are quite complex and are built up automatically from a machine-wide configuration file that includes things like:
- ip address and netmasks - firewall security level - NAT on/offI've recommended to start from a simple ipf.conf (basically just pass in all/pass out all) and build up from there to see if we can work out what triggers the problem.
-- Stephen