I'm working on scaling up a front-end proxy server, and up until yesterday I was using Squid as the reverse-proxy (even though basically nothing was being cached, i.e. Squid was proxying only). Today I tried changing to nginx and I've noticed that I'm hitting ip_conntrack limits a lot more quickly.
As a short-term workaround I'm just raising the ip_conntrack limits (as per http://rackerhacker.com/2008/01/24/ip_conntrack-table-full-dropping-packet) but I was wondering if anyone here knows why nginx is hitting these limits so much more quickly, and if anything can be done to rectify it? (i.e. have connections ejected from the tracking tables more quickly).
Things in use are an up-to-date CentOS 5.5 box, nginx 0.8.53, and Squid 2.6. Everything is installed from RPMs (either core or the EPEL ones).
Thanks in advance for any advice or enlightening discussion.
For my own reference, this other thread was useful on this topic: Determine nginx reverse-proxy load limits
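To see what is actually filling the tracking table before raising its limit, the entries can be tallied by TCP state and destination port. This is an added example, not part of the original post: it assumes the `/proc/net/ip_conntrack` line layout of 2.6.18-era kernels, and the function names, sample addresses and backend port 8080 are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise ip_conntrack entries by TCP state.
# Assumed line layout:  tcp 6 <seconds-left> <STATE> src=.. dst=.. sport=.. dport=.. ...
# UDP lines carry no state field and are skipped.

# Constructed sample data (documentation address ranges), not a real capture.
sample_conntrack() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=192.0.2.10 sport=40112 dport=80 src=192.0.2.10 dst=198.51.100.7 sport=80 dport=40112 [ASSURED] use=1
tcp      6 431875 ESTABLISHED src=198.51.100.9 dst=192.0.2.10 sport=40377 dport=80 src=192.0.2.10 dst=198.51.100.9 sport=80 dport=40377 [ASSURED] use=1
tcp      6 112 TIME_WAIT src=192.0.2.10 dst=10.0.0.5 sport=51000 dport=8080 src=10.0.0.5 dst=192.0.2.10 sport=8080 dport=51000 [ASSURED] use=1
tcp      6 97 TIME_WAIT src=192.0.2.10 dst=10.0.0.5 sport=51001 dport=8080 src=10.0.0.5 dst=192.0.2.10 sport=8080 dport=51001 [ASSURED] use=1
tcp      6 64 TIME_WAIT src=192.0.2.10 dst=10.0.0.5 sport=51002 dport=8080 src=10.0.0.5 dst=192.0.2.10 sport=8080 dport=51002 [ASSURED] use=1
udp      17 25 src=192.0.2.10 dst=192.0.2.53 sport=33211 dport=53 src=192.0.2.53 dst=192.0.2.10 sport=53 dport=33211 use=1
EOF
}

# state_counts FILE -> "<count> <STATE>" lines, largest first.
state_counts() {
    awk '$1 == "tcp" { n[$4]++ } END { for (s in n) print n[s], s }' \
        "${1:-/proc/net/ip_conntrack}" | sort -k1,1nr -k2,2
}

# count_state_port FILE STATE PORT -> number of tcp entries in STATE whose
# original-direction destination port (the first dport= on the line) is PORT.
count_state_port() {
    awk -v st="$2" -v want="dport=$3" '
        $1 == "tcp" && $4 == st {
            for (i = 5; i <= NF; i++)
                if ($i ~ /^dport=/) { if ($i == want) c++; break }
        }
        END { print c + 0 }' "$1"
}

# Demo on the constructed sample; pass /proc/net/ip_conntrack on a live box.
tmp=$(mktemp)
sample_conntrack > "$tmp"
state_counts "$tmp"
echo "TIME_WAIT entries to backend port 8080: $(count_state_port "$tmp" TIME_WAIT 8080)"
rm -f "$tmp"
```

Comparing the totals with `sysctl net.ipv4.netfilter.ip_conntrack_count` and `net.ipv4.netfilter.ip_conntrack_max` shows how close the table is to full and which state's timeout matters most.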