From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: public-inbox.org VPS hopefully stable, now...
Date: Mon, 14 Oct 2024 22:48:22 +0000
Message-ID: <20241014224822.M489222@dcvr>

I've got a lot of orphaned sockets and OOM from the kernel the
past few days. It's a combination of kernel TCP memory use,
OpenSSL, zlib, glibc malloc, Perl 5, and probably other things...

It looks like a lot of bot traffic trying to scrape IMAP(S),
too :<

WolfSSL might be an option via Inline::C *shrug*

I've cut down on connections and via iptables/ip6tables
connlimit and state modules; still not sure where they
should be atm..

Current sysctls are here, many limits lowered from defaults.
Mostly going off Documentation/networking/ip-sysctl.rst in
linux.git

I'm not 100% sure about many of these so holler if you see anything
amiss...

net.core.somaxconn = 128
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_retries2 = 8 # default 15
net.ipv4.tcp_orphan_retries = 1 # default 8
net.ipv4.tcp_max_orphans = 2048 # default 4096

# Things will probably be worse for LFNs w/ smaller tcp_wmem
net.ipv4.tcp_rmem = 4096 16384 65536
net.ipv4.tcp_wmem = 4096 16384 65536

# tcp_mem thresholds untouched atm..

net.netfilter.nf_conntrack_tcp_timeout_established = 600

# can probably drop this...
net.netfilter.nf_conntrack_max = 30000

I "only" have 1GB of RAM since it's the cheapest available
(32-bit userspace, x86_64 kernel). Getting more RAM or CPU
is absolutely NOT an option; optimizing data structures,
code and tweaking knobs are the only ways to fix this.

Down with consumerism!
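
Added example (not part of the original message, and not public-inbox code): one way to watch the counters that net.ipv4.tcp_max_orphans and the tcp_mem thresholds act on, by parsing /proc/net/sockstat. The sample text, the tcp_mem values, the 4 KiB page size, the 0.8 warning ratio and the function names are assumptions made for illustration.

```python
"""Check TCP orphan and memory headroom from /proc/net/sockstat text."""

PAGE_SIZE = 4096  # assumption: 4 KiB pages; sockstat "mem" is in pages

# Constructed sample of /proc/net/sockstat (not captured from the server).
SAMPLE_SOCKSTAT = """\
sockets: used 2301
TCP: inuse 310 orphan 1790 tw 95 alloc 2150 mem 21000
UDP: inuse 4 mem 2
FRAG: inuse 0 memory 0
"""


def parse_sockstat(text):
    """Return {'TCP': {'inuse': 310, ...}, ...} from sockstat text."""
    stats = {}
    for line in text.splitlines():
        proto, _, rest = line.partition(":")
        fields = rest.split()
        # Fields come as name/value pairs: "orphan 1790 tw 95 ..."
        stats[proto.strip()] = {
            k: int(v) for k, v in zip(fields[0::2], fields[1::2])
        }
    return stats


def check_tcp(text, max_orphans, tcp_mem, warn_ratio=0.8):
    """Compare live counters with tcp_max_orphans and tcp_mem (in pages)."""
    tcp = parse_sockstat(text).get("TCP", {})
    low, pressure, high = tcp_mem
    findings = []
    orphans = tcp.get("orphan", 0)
    if orphans >= max_orphans * warn_ratio:
        findings.append(f"orphans {orphans}/{max_orphans}")
    pages = tcp.get("mem", 0)
    if pages >= high:
        findings.append(f"tcp mem {pages} pages >= high {high}")
    elif pages >= pressure:
        findings.append(f"tcp mem {pages} pages >= pressure {pressure}")
    return {"orphans": orphans, "mem_bytes": pages * PAGE_SIZE,
            "findings": findings}


if __name__ == "__main__":
    # tcp_mem values are constructed; the message leaves tcp_mem untouched.
    print(check_tcp(SAMPLE_SOCKSTAT, max_orphans=2048,
                    tcp_mem=(10000, 20000, 30000)))
```

On a live host, pass the contents of /proc/net/sockstat and the three values from /proc/sys/net/ipv4/tcp_mem instead of the constructed ones.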