[f-nsp] Strange interaction

Bill McCaffrey bill at neopets.com
Tue Mar 4 18:07:00 EST 2003


I have an odd/strange/interesting situation that I am at a complete loss to
explain.

I have two serverirons, one with 50 servers, the other has 100 servers.
Serverirons are running on firmware version 07.3.05aT12 and are configured
with hand-off load balancing. All the servers are running stock RH 6.2. I
recently change the TCP syn-def parameter down to 2 seconds to battle some
ddos attacks. After the change, I started to have from 2 to 6 dead servers
in the morning, not just health-check dead, but completely kernel-panic type
dead. With nothing showing in the logs on the servers. They tended to go
down early to mid morning, all at different times and not the same servers
each day. This time of day is neither the highest nor lowest traffic period.
The 50 server lb, which handles about 3 times the number of requests as the
other had the problem in a greater degree.

I changed the parameter to 4 seconds and the problem went away.

Tarot cards and pigeon entrails have shed no light on this - does anybody
have any ideas on what could be happening here?

TIA, 
Bill


More information about the foundry-nsp mailing list