- Re: connection limit
03-19-2008 02:13 AM
Every attempt looks like this:
bbnh2:(/root/home/root)(root)#telnet localhost 113
Trying...
telnet: Unable to connect to remote host: Can't assign requested address
bbnh2:(/root/home/root)(root)#telnet bbnh3 22
Trying...
telnet: Unable to connect to remote host: Can't assign requested address
### but incoming connection to bbnh2 from other machine works:
bbnh3:(/root/home/root)(root)#telnet bbnh2 113
Trying...
Connected to bbnh2...
As it also doesn't work for localhost, it can't be a problem with network cables/LAN cards. Nothing is printed to syslog/dmesg.
The number of open network connections (netstat -n|wc -l) is not high, ~800. I have seen it at 2000 when it was working.
What other parameters affect the number of connections?
I have checked with sar and the only difference is number of open files:
file-sz 5836/194058 (when it works)
file-sz 18677/194058 (when it DOESN'T work)
It is a lot higher, but still under the limit...
Can you advise what else to check?
03-19-2008 02:32 AM
Re: connection limit
03-19-2008 02:41 AM
Re: connection limit
Are you using any special name resolution method? Does it work for IP addresses instead of names?
Either of these may be malfunctioning intermittently (probably because of load) and you get the failures.
03-19-2008 02:41 AM
Re: connection limit
Here is the startup script which enables this logging.
/sbin/rc2.d/S300nettl.
Even though I don't suspect that it is a cable/card problem.
What about trying ssh when it is failing, which will try connecting through port 22?
# ssh -vvv root@localhost
It is good to start the nettl trace logging, then attempt a failing connection, then stop the nettl trace logging; this will provide enough logs to check.
Below is the method I used when I had an ssh connectivity issue (only port 22).
On recurrence
1) attach tusc to running sshd and put it in the background with &
# ps -ef|grep sshd
# tusc -Eeaf -p -v -rall -wall -vall -T '' -o /tmp/sshd_tusc.txt <sshd_pid> &
2) start nettl trace
# nettl -tn all -tm 10M -e ns_ls_ip -f /tmp/sshd
3) attempt ssh to root@localhost in verbose mode with tusc attached
# tusc -Eeaf -p -v -rall -wall -vall -T '' -o /tmp/ssh_tusc.txt ssh -vvv root@localhost
4) when it fails, stop the nettl trace
# nettl -tf -e all
5) bring the tusc of sshd back to the foreground
# fg
6) detach tusc of sshd
03-19-2008 05:00 AM
Re: connection limit
TTr: No, IPFilter is not installed. We use /etc/hosts resolution mainly, but at least localhost should work. I will try the IP address also.
Santhosh: I tried logging with tcpdump, but did not receive any packet - probably the connect() call failed with the error specified above, so no packet is sent away.
I am not familiar with tusc (only strace on linux), but I will try...
And do you know of any kernel parameter or something that could be causing this behaviour?
03-19-2008 05:20 AM
Re: connection limit
03-19-2008 05:35 AM
Re: connection limit
But pinging this machine from some other certainly works, because otherwise the monitoring would report the machine as down/not accessible. Also all other incoming connections work.
03-20-2008 09:17 AM
Solution
The error message sounds like telnet was trying to bind to an IP/port pair that was already in use. Netstat -n will only show established connections; what you should be using is netstat -an | wc -l, and I suspect, based on the much larger number of open files when it doesn't work, you will see lots of connections in TIME_WAIT.
The suggestion to tusc things is good, but I'd tusc your telnet commands rather than the sshd.
I suspect what is happening is something is exhausting the supply of "anonymous" (aka ephemeral) ports on the system. That port range is from tcp_smallest_anon_port to tcp_largest_anon_port, which goes from 49152 to 65535 respectively. That is 16384 ports, which happens to be a number very close to the number of file descriptors in use when things fail.
The bind() call is probably what is failing on the telnet commands (see your tusc output). Telnet may be relying on the implicit bind() call made by connect() when there is no bind() call made. That will then rely on the anonymous port space.
A TCP connection is fully named by the four-tuple of local/remote IP and local/remote port. The incoming connections work because the local IP and port have already been picked, and the remotes are supplying the other half.
The outgoing aren't working because there is no more anonymous port to select for the "client" half. The stack (well, when bind() is called rather than connect()) has no idea what the remote IP/port will be to make sure that the new connection will have a unique name, so it fails the call.
Ways to work around this:
*) Find what is churning through so many connections and get it to stop.
*) tune tcp_smallest_anon_port to something like 32768 or lower
*) get applications to start making "explicit" bind() calls that select a local IP and port in the full range of say 5000 to 65535 and from among the more than one (?) IP addresses on the system
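A way to check the diagnosis in the answer above, added here as an example and not part of the original post: the function counts distinct local TCP ports inside the anonymous range and tallies the socket states holding them, reading `netstat -an` output on stdin. The sample lines are constructed and assume the `ip.port` address format; the function names are hypothetical, and the default range is the one quoted in the answer.

```shell
#!/bin/sh
# Summarise anonymous (ephemeral) port usage from `netstat -an` output.
# Usage on a live system:  netstat -an | anon_port_usage [low] [high]
# The range defaults to 49152-65535 as quoted in the answer; on HP-UX the
# configured bounds can be read with
#   ndd -get /dev/tcp tcp_smallest_anon_port
#   ndd -get /dev/tcp tcp_largest_anon_port
anon_port_usage() {
    awk -v lo="${1:-49152}" -v hi="${2:-65535}" '
    $1 ~ /^tcp/ && NF >= 6 {
        # Field 4 is the local address as "ip.port" (assumed format);
        # the port is the part after the last dot.
        n = split($4, part, ".")
        port = part[n]
        if (port !~ /^[0-9]+$/) next
        if (port + 0 < lo + 0 || port + 0 > hi + 0) next
        if (!(port in seen)) { seen[port] = 1; used++ }
        state[$6]++          # one tally per socket, by TCP state
    }
    END {
        printf "anon_ports_used=%d of %d\n", used, hi - lo + 1
        for (s in state) printf "%s=%d\n", s, state[s]
    }'
}

# Constructed sample input (not taken from the thread).
sample_netstat() {
    cat <<'EOF'
tcp        0      0  127.0.0.1.49152        127.0.0.1.113          TIME_WAIT
tcp        0      0  127.0.0.1.49153        127.0.0.1.113          TIME_WAIT
tcp        0      0  10.0.0.2.49153         10.0.0.3.22            ESTABLISHED
tcp        0      0  10.0.0.2.65535         10.0.0.3.80            CLOSE_WAIT
tcp        0      0  10.0.0.2.22            10.0.0.9.51000         ESTABLISHED
tcp        0      0  *.113                  *.*                    LISTEN
udp        0      0  *.514                  *.*
EOF
}

sample_netstat | anon_port_usage
```

When `anon_ports_used` approaches the size of the range and one state dominates the tally, the remote addresses of those sockets point to whatever is churning through connections.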
03-20-2008 12:19 PM
Re: connection limit
That was an example, and in his scenario I would say inetd.
03-20-2008 01:07 PM