Re: [jetty-users] SSL causes buildup of CLOSE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] SSL causes buildup of CLOSE_WAIT-connections

From: Greg Wilkins <gregw@xxxxxxxxxxx>
Date: Fri, 8 Jul 2016 08:00:05 +1000
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Johannes,

We've has a few reports of this kind, but have not been able to get a reproduction nor identify anything that jetty is doing incorrectly.

So it would be great if you could use wireshark or similar to capture the IP traffic to/from the machine that is collecting the CLOSE_WAIT sockets. The encrypted traffic is fine, as we don't need to see the content, just the close handshake conversation.

Also, can you tell us what client you are using to initiate the communication between the servers?

While it may be a Jetty bug that is causing these CLOSE_WAITs, the number of them indicates that your client is not using persistent connections... which for SSL are highly desirable as otherwise your machines will spend more time negotiating keys rather than transferring data.

So please provide that information.... perhaps in a issue on github as a better place to track this.

cheers

On 7 July 2016 at 22:12, Johannes Skjeggestad Meyer <jsm@xxxxxxx> wrote:

Hi!

We have an ensemble of three jetty-servers running jetty 9.3.8 on CentOS. There is a fairly high rate of communication between the servers. When we run the ensemble without SSL, everything works perfectly, but once SSL is activated, exactly one of the servers start to get a massive amount of connections in CLOSE_WAIT (more than 50 000). This, again, causes the Old Gen-part of the heap memory in the JVM to fill up, and the server becomes unable to communicate with exactly one of the other two, with Couldn’t resolve address. However, the other machine can still communicate with the one that breaks down, and the 3^rd machine can communicate with both.

Running forced garbage collection on the machine that breaks down makes no difference to the used memory in the Old Gen-part of the JVM heap memory, while on the other machines, GC pretty much completely cleans the memory. Also, the number of CLOSE_WAIT-connections in the machine that breaks down should be matched by FIN_WAIT2-connections in the other two, but there are only a few thousand of those.

Does anyone know what may be the problem?

Any help would be greatly appreciated.

With regards,

Johannes

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

Greg Wilkins <gregw@xxxxxxxxxxx> CTO http://webtide.com

References:
- [jetty-users] SSL causes buildup of CLOSE_WAIT-connections
  - From: Johannes Skjeggestad Meyer

Prev by Date: [jetty-users] SSL causes buildup of CLOSE_WAIT-connections
Next by Date: [jetty-users] apache-jsp and Jetty p2 repository
Previous by thread: [jetty-users] SSL causes buildup of CLOSE_WAIT-connections
Next by thread: Re: [jetty-users] SSL causes buildup of CLOSE_WAIT-connections
Index(es):
- Date
- Thread

Breadcrumbs