I’ve been getting this message: possible SYN flooding. I already tweaked the "net.ipv4.tcp_max_syn_backlog" directive, but the issue persists and I cannot determine the reason.
To be noted this is not a DDoS situation, but high level of traffic.
I would very much appreciate if anyone has a solution to share with me. I can offer more details, if needed.
Best regards
We need more information in order to help you effectively.
What do you have for net.ipv4.tcp_syncookies and net.ipv4.tcp_synack_retries? But before that you need to understand the pattern of the high traffic. Are you seeing lots of TIME_WAIT in netstat? What sort of data did you already collect? What web server are you running? There might be specific settings for that as well to cope with this.
Here's a nice overview that might help you regarding tcp tuning: https://vincent.bernat.im/en/blog/2014-tcp-time-wait-state-linux
