From: Olaf Kirch <okir@suse.de>
Subject: NFS over TCP: random drop
Date: Tue, 16 Mar 2004 12:11:49 +0100
Sender: nfs-admin@lists.sourceforge.net
Message-ID: <20040316111149.GS25405@suse.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Return-path: <nfs-admin@lists.sourceforge.net>
Received: from sc8-sf-mx1-b.sourceforge.net ([10.3.1.11] helo=sc8-sf-mx1.sourceforge.net)
	by sc8-sf-list2.sourceforge.net with esmtp (Exim 4.30)
	id 1B3CVX-00038o-U0
	for nfs@lists.sourceforge.net; Tue, 16 Mar 2004 03:13:15 -0800
Received: from ns.suse.de ([195.135.220.2] helo=Cantor.suse.de)
	by sc8-sf-mx1.sourceforge.net with esmtp (TLSv1:DES-CBC3-SHA:168)
	(Exim 4.30)
	id 1B3CVX-0002E7-2h
	for nfs@lists.sourceforge.net; Tue, 16 Mar 2004 03:13:15 -0800
Received: from hermes.suse.de (Hermes.suse.de [195.135.221.8])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by Cantor.suse.de (Postfix) with ESMTP id AA2CA30320D
	for <nfs@lists.sourceforge.net>; Tue, 16 Mar 2004 12:11:49 +0100 (CET)
To: nfs@lists.sourceforge.net
Errors-To: nfs-admin@lists.sourceforge.net
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/nfs>,
	<mailto:nfs-request@lists.sourceforge.net?subject=unsubscribe>
List-Id: Discussion of NFS under Linux development,
	interoperability,
	and testing. <nfs.lists.sourceforge.net>
List-Post: <mailto:nfs@lists.sourceforge.net>
List-Help: <mailto:nfs-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/nfs>,
	<mailto:nfs-request@lists.sourceforge.net?subject=subscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum=nfs>

Hi,

I am looking into an NFS problem at one of our customers. They are
running NFS over TCP, and the client is some kind of mainframe OS.

What happens is this:

client:		initiates connections, 3way handshake completes
server:		closes connection (FIN)
client:		(at the same moment) sends data to server
server:		RST
client:		argh (reports EIO to application)

What seems to happen here is the random connection drop in svcsock.c,
where we randomly drop a connection if the total number of TCP connections
exceeds (nrthreads + 3) * 10.  "Randomly" here means either the oldest
connection, or the newest one (which happens to be the one we just
accepted).

The specific problem we have here is that the client doesn't grok TCP RSTs
generated by the server. It's arguably a client bug, but I'm nevertheless
thinking about a way to work around this

Possible solutions:

 -	always drop the oldest connection. The current strategy doesn't
 	help much against DoS anyway, because rather than dropping
	old connections for _every_ new one, we drop them for every
	two new connections. Big improvement :)

 -	Create a sysctl that allows to set a hard limit for active
 	TCP connections.

 -	increase the "random drop" threshold to something like
 	(nrthreads + 3) * 100.

Any comments?

Olaf
-- 
Olaf Kirch     |  Stop wasting entropy - start using predictable
okir@suse.de   |  tempfile names today!
---------------+ 


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs