
I've got a (TCP) server that handles a big number of new connections per second (1000 - 5000). This causes SYN cookies to be sent:

kernel: possible SYN flooding on port 2710. Sending cookies. 

SYN cookies aren't that bad (in this case), but how do I avoid this? What app or kernel knobs can I turn? Documentation on this appears to be very scarce. The kernel is Linux 2.6.32 x64.

XTF

1 Answer


Syncookies are controlled by the setting in /proc/sys/net/ipv4/tcp_syncookies; see the documentation that ships with the Linux kernel for more details. To be specific, here's the part which I think is relevant:

    Note, that syncookies is fallback facility.
    It MUST NOT be used to help highly loaded servers to stand
    against legal connection rate. If you see SYN flood warnings
    in your logs, but investigation shows that they occur
    because of overload with legal connections, you should tune
    another parameters until this warning disappear.
    See: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow.
Raymond Tau
  • Thanks. So should I increase tcp_max_syn_backlog or somaxconn? I'm not sure how they interact. – XTF May 26 '12 at 16:56
  • @XTF If I were you, I would try one of them. For example, increase tcp_max_syn_backlog to 7000 to see if it still needs to use syncookies or not. – Raymond Tau May 26 '12 at 17:49
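The comment thread above asks how tcp_max_syn_backlog and somaxconn interact, which the kernel documentation quoted in the answer does not spell out. The following script is an added example, not code from the question or either poster. It encodes how a 2.6.32 kernel sizes the SYN queue of one listening socket (reqsk_queue_alloc() in net/core/request_sock.c: the backlog given to listen(), already clamped to net.core.somaxconn by sys_listen(), is further clamped to tcp_max_syn_backlog, floored at 8, and rounded up to the next power of two after adding one), and the "possible SYN flooding" warning fires once that queue is full. The practical consequence is the one the script prints: raising tcp_max_syn_backlog on its own does nothing while somaxconn (128 by default on that kernel) or the application's own listen() backlog is the smaller number. The sample log lines, the sysctl values in the fragment, and the 8192 listen backlog are constructed for the example and are not measurements from the original host.

```sh
#!/bin/sh
# Added example: SYN-queue sizing on Linux 2.6.32 and a check of the knobs
# named in Documentation/networking/ip-sysctl.txt. Not from the original post.

syn_queue_capacity() {
    # usage: syn_queue_capacity LISTEN_BACKLOG SOMAXCONN TCP_MAX_SYN_BACKLOG
    # Mirrors reqsk_queue_alloc() in 2.6.32:
    #   n = min(listen_backlog, somaxconn, tcp_max_syn_backlog); n = max(n, 8)
    #   capacity = roundup_pow_of_two(n + 1)
    # "possible SYN flooding" is logged when a listener holds >= capacity
    # half-open (SYN_RECV) connections.
    n=$1
    [ "$n" -gt "$2" ] && n=$2
    [ "$n" -gt "$3" ] && n=$3
    [ "$n" -lt 8 ] && n=8
    n=$((n + 1))
    cap=1
    while [ "$cap" -lt "$n" ]; do cap=$((cap * 2)); done
    echo "$cap"
}

accept_queue_capacity() {
    # usage: accept_queue_capacity LISTEN_BACKLOG SOMAXCONN
    # Completed connections waiting for accept() are bounded by the listen()
    # backlog after sys_listen() clamps it to somaxconn. If the application
    # accepts too slowly this queue fills and new SYNs are dropped; that is
    # the case tcp_abort_on_overflow is about, not SYN cookies.
    if [ "$1" -gt "$2" ]; then echo "$2"; else echo "$1"; fi
}

# Constructed sample of kernel log lines (not captured from a real host).
SAMPLE_LOG='May 26 16:40:01 srv kernel: possible SYN flooding on port 2710. Sending cookies.
May 26 16:40:02 srv kernel: eth0: link up, 1000Mbps, full-duplex
May 26 16:41:10 srv kernel: possible SYN flooding on port 2710. Sending cookies.
May 26 16:42:00 srv kernel: possible SYN flooding on port 8080. Sending cookies.'

syn_flood_ports() {
    # Reads kernel log lines on stdin; prints each affected port once, lowest first.
    sed -n 's/.*possible SYN flooding on port \([0-9][0-9]*\)\..*/\1/p' | sort -n | uniq
}

syn_flood_count() {
    # Number of warning lines on stdin (grep -c exits 1 on zero matches).
    grep -c 'possible SYN flooding on port' || true
}

show_current_knobs() {
    # Dumps the sysctls the kernel documentation points at, on a Linux host.
    for k in net/ipv4/tcp_syncookies net/ipv4/tcp_max_syn_backlog \
             net/ipv4/tcp_synack_retries net/ipv4/tcp_abort_on_overflow \
             net/core/somaxconn; do
        if [ -r "/proc/sys/$k" ]; then
            printf '%-32s %s\n' "$(echo "$k" | tr / .)" "$(cat "/proc/sys/$k")"
        fi
    done
}

sysctl_fragment() {
    # Example /etc/sysctl.d fragment. Values are assumptions sized for the
    # 1000-5000 connections/s in the question, not measured; the application
    # must also pass a backlog this large to listen() or somaxconn is the
    # only cap that moves.
    cat <<'EOF'
# /etc/sysctl.d/60-listen-backlog.conf (example values, tune to your host)
net.core.somaxconn = 8192
net.ipv4.tcp_max_syn_backlog = 8192
# keep syncookies enabled: the documentation calls it a fallback, not a tuning knob
net.ipv4.tcp_syncookies = 1
EOF
}

echo "SYN-queue capacity, app backlog 128, somaxconn 128, tcp_max_syn_backlog 1024: $(syn_queue_capacity 128 128 1024)"
echo "  ... after raising only tcp_max_syn_backlog to 7000:                         $(syn_queue_capacity 128 128 7000)"
echo "  ... after also raising somaxconn and the listen() backlog to 8192:          $(syn_queue_capacity 8192 8192 7000)"
echo "Accept-queue capacity, app backlog 5000, somaxconn 128:                      $(accept_queue_capacity 5000 128)"
echo "Ports with SYN flood warnings in the sample log: $(printf '%s\n' "$SAMPLE_LOG" | syn_flood_ports | tr '\n' ' ')"
show_current_knobs
sysctl_fragment
```

The first two lines of output are the point: with the defaults the listener's SYN queue holds 256 entries, and it still holds 256 after tcp_max_syn_backlog goes to 7000, because 128 (somaxconn, and typically the listen() backlog) is the binding limit. Only when somaxconn and the application's backlog rise together does the capacity move, which is also the procedure the quoted documentation asks for before relying on cookies: confirm in the log and with `netstat -s` that the queue is filling with legitimate connections, then raise the limits together. tcp_synack_retries is the remaining knob in the list; lowering it makes half-open entries expire sooner, which frees queue slots when the queue is full of peers that never complete the handshake.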