Hi,
> I've noticed a steadily increasing amount of zombie connections between
> our Moonshot IdP and the trust router:
>
> tcp 1 0 moonshot-test.is.ed.a:49845 tr1.moonshot.ja.net:12309 CLOSE_WAIT 1224/radiusd
> tcp 1 0 moonshot-test.is.ed.a:50068 tr1.moonshot.ja.net:12309 CLOSE_WAIT 1224/radiusd
> tcp 1 0 moonshot-test.is.ed.a:50874 tr1.moonshot.ja.net:12309 CLOSE_WAIT 1224/radiusd
>
> These are all sitting in the CLOSE_WAIT state.
> I'm currently at 838 connections and counting. Any idea what's causing this?
how often are the links used - i.e. what's the authentication throughput? and
what are your kernel values for full TCP closure? e.g. net.ipv4.tcp_keepalive_* values?
it might be that your server is just keeping sessions open for longer than
needed when they are over.
there have been some minor fixes for TLS/radsec in recent FR releases
but nothing that points to this sort of behaviour
alan
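
One way to gather the figures asked for in this reply, as an added example that is not part of the original thread: it tallies sockets in a given state per remote endpoint and owning process from `netstat -tp`-style output, and prints the Linux keepalive sysctls. The function names and sample lines are constructed for illustration; the hostnames, port and PID in the sample are copied from the quoted output.

```shell
#!/bin/sh
# Added example: summarise sockets stuck in one TCP state and show keepalive settings.

# Constructed sample in `netstat -tp` column order:
# proto recv-q send-q local remote state pid/program
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 1 0 moonshot-test.is.ed.a:49845 tr1.moonshot.ja.net:12309 CLOSE_WAIT 1224/radiusd
tcp 1 0 moonshot-test.is.ed.a:50068 tr1.moonshot.ja.net:12309 CLOSE_WAIT 1224/radiusd
tcp 0 0 moonshot-test.is.ed.a:50874 tr1.moonshot.ja.net:12309 ESTABLISHED 1224/radiusd
tcp 1 0 moonshot-test.is.ed.a:40022 192.0.2.10:443 CLOSE_WAIT 2200/other
EOF
}

# Count sockets in the requested state, grouped by "remote endpoint + process".
# Reads netstat lines on stdin; the header is skipped because its first
# field is not tcp or tcp6. Output: "<count> <remote> <pid/program>".
count_state() {
    awk -v st="${1:-CLOSE_WAIT}" '
        ($1 == "tcp" || $1 == "tcp6") && $6 == st { n[$5 " " $7]++ }
        END { for (k in n) print n[k], k }
    ' | sort -rn
}

# Print net.ipv4.tcp_keepalive_* values when running on Linux; silent elsewhere.
show_keepalive() {
    for f in /proc/sys/net/ipv4/tcp_keepalive_*; do
        [ -r "$f" ] && printf '%s = %s\n' "${f#/proc/sys/}" "$(cat "$f")"
    done
    return 0
}

# Live use (root is needed to see other users' PIDs):
#   netstat -tp | count_state CLOSE_WAIT
sample_netstat | count_state CLOSE_WAIT
show_keepalive
```

Running the tally at intervals and comparing the counts for the trust router endpoint gives the growth rate to set against the authentication rate.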