Increase max tcp connections in RedHat

Hi all,

I can see that only 1000 tcp connections can be opened in redhat v6.5. Which setting should be configure in order to allow 10000 tcp connections opened simultaneously? other tcp connections attemts fail to open.

Any help will be appreciated ,
Limor

Quote:

Originally Posted by limors222 Hi all, I can see that only 1000 tcp connections can be opened in redhat v6.5. Which setting should be configure in order to allow 10000 tcp connections opened simultaneously? other tcp connections attemts fail to open.

First, have you contacted Red Hat support??? This is exactly why you pay them for a subscription/support, and this is something that's covered in their knowledgebase.

Look in /etc/sysctl.conf...try changing net.ipv4.netfilter.ip_conntrack_max to be whatever value you want, but be warned, you may have to change other things as well. Things like:

Code:

net.ipv4.netfilter.ip_conntrack_max
net.ipv4.tcp_tw_recycle
net.ipv4.tcp_tw_reuse
net.ipv4.tcp_orphan_retries
net.ipv4.tcp_fin_timeout
net.ipv4.tcp_max_orphans
net.ipv4.ip_local_port_range

....all have parts to play.

First, thanks for your reply.
We don't have support, this is why I used this forum.
I changed file and got:
[root@redhat65-pc2 /proc/sys]$ sysctl -p
error: "net.ipv4.netfilter.ip_conntrack_max" is an unknown key
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_orphan_retries = 2
net.ipv4.tcp_fin_timeout = 20
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

Error with setting net.ipv4.netfilter.ip_conntrack_max. Any idea what is missing?

Thanks

I also tried the following setting, but same result
error: "net.netfilter.nf_conntrack_max" is an unknown key
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_orphan_retries = 1
net.ipv4.tcp_fin_timeout = 5
net.ipv4.ip_local_port_range = 1024 65000
fs.file-max = 375582
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

Also set ulimit -n in etc/profile to be 65535
Added the following rows to /etc/security/limit.conf:
* soft nofile 65535
* hard nofile 65535
root hard nofile 65535
root soft nofile 65535
But again same result... only 1000 connections are getting response.

Quote:

Originally Posted by limors222 First, thanks for your reply. We don't have support, this is why I used this forum.

Using RHEL without support is a BAD IDEA, period. If this is a production server, you WILL NOT get patches/updates/security fixes/bugfixes. All you will wind up with is an insecure, unstable server that's more difficult to manage. PAY FOR RHEL if you're going to use it.

Quote:

I changed file and got: [root@redhat65-pc2 /proc/sys]$ sysctl -p error: "net.ipv4.netfilter.ip_conntrack_max" is an unknown key net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_orphan_retries = 2 net.ipv4.tcp_fin_timeout = 20 net.ipv4.ip_local_port_range = 1024 65000 net.ipv4.ip_forward = 0 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0 kernel.core_uses_pid = 1 net.ipv4.tcp_syncookies = 1 error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key error: "net.bridge.bridge-nf-call-iptables" is an unknown key error: "net.bridge.bridge-nf-call-arptables" is an unknown key kernel.msgmnb = 65536 kernel.msgmax = 65536 kernel.shmmax = 68719476736 kernel.shmall = 4294967296 Error with setting net.ipv4.netfilter.ip_conntrack_max.

Is the nf_conntrack module loaded and/or available???

Things like this are EXACTLY the reason you need to pay for RHEL...if you're not going to, then there is NO REASON to use it, versus using the free CentOS.