On Fri, Nov 07, 2003 at 11:43:40PM -0500, Scott Courtney wrote:
> > Also, what if the total number of connections (SYN_RCVD, TIME_WAIT,
> > ESTABLISHED, everything) ? What percentage of these are in SYN_RCVD?
> > Solaris has the wondering (wonderful!) ndd -get /dev/tcp tcp_listen_hash
> > to tell you how many connections are in each of q0 and q network
> > connection queuesm so you can quickly tell if you are blockign waiting
> > for the TCP connection to form, or blocking waiting for the application
> > to accept. I don't know of anything like this for Linux, I wish I did.
>
> Another good question, and one we've been looking at as well. Before the
> changes to the TCP parms in the kernel (see above), there were a large number
> of TIME_WAIT and SYN_RECV states in the output of "netstat -pn". Now we have
> a smaller proportion of these states as compared to the ESTABLISHED state,
> where something useful is (presumably) happening.
>
> But the time between "telnet localhost 25" and "220 Exim....blah blah" is
> still anywhere from 15 seconds to infinity (timeout error).
Your netstat -s *looks* ok, but if soemone with more knowledge reading
that could confirm it, it'd be good :-)
One thing you can try:
Remove one of the hosts from accepting mail (firewall it, remove the MX
record, whatever), and THEN try the test.
If you don't have a long wait, then you are more likely to be running in
to performance problems with load (application or system).
If you do still have to wait, it might be a confirguration problem. What
I would do at that point is tcpdump all the traffic on that interface,
and see what comes out - you might find that something is blocking on a
DNS lookup somewhere even though you think you've disabled all the
required lookups ;-)
Depending on how static the system is, you could try creating entries
for the relay and LDAP systems in /etc/hosts on each MX to see if that
helps.
--
Avleen Vig
Systems Administrator
Personal: www.silverwraith.com
EFnet: irc.mindspring.com (Earthlink user access only)