I am trying to create vpn connection in my app. On the sever side use IKEv2 VPN Server with StrongSwan on Ubuntu 16.04. Build by this guid (https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-16-04).
When I'm trying to connect.
Server send this logs:
- May 5 08:58:21 ip-2 charon: 05[NET] received packet: from 3[500] to 2[500] (432 bytes)
- May 5 08:58:21 ip-2 charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
- May 5 08:58:21 ip-2 charon: 05[IKE] 3 is initiating an IKE_SA
- May 5 08:58:21 ip-2 charon: 05[IKE] local host is behind NAT, sending keep alives
- May 5 08:58:21 ip-2 charon: 05[IKE] remote host is behind NAT
- May 5 08:58:21 ip-2 charon: 05[IKE] received proposals inacceptable
- May 5 08:58:21 ip-2 charon: 05[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
- May 5 08:58:21 ip-2 charon: 05[NET] sending packet: from 2[500] to 3[500] (36 bytes)
- May 5 08:58:22 ip-2 charon: 16[NET] received packet: from 3[500] to 2[500] (432 bytes)
- May 5 08:58:22 ip-2 charon: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
- May 5 08:58:22 ip-2 charon: 16[IKE] 3 is initiating an IKE_SA
- May 5 08:58:22 ip-2 charon: 16[IKE] local host is behind NAT, sending keep alives
- May 5 08:58:22 ip-2 charon: 16[IKE] remote host is behind NAT
- May 5 08:58:22 ip-2 charon: 16[IKE] received proposals inacceptable
- May 5 08:58:22 ip-2 charon: 16[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
- May 5 08:58:22 ip-2 charon: 16[NET] sending packet: from 2[500] to 3[500] (36 bytes)
I use this configuration on server:
config setup
charondebug="ike 1, knl 1, cfg 0"
uniqueids=no
conn ikev2-vpn
auto=add
compress=no
type=tunnel
keyexchange=ikev2
fragmentation=yes
forceencaps=yes
lifetime=8h
dpdaction=clear
dpddelay=300s
rekey=no
left=%any
leftid=<IP>
leftcert=server-cert.pem
leftsendcert=always
leftsubnet=0.0.0.0/0
right=%any
rightid=%any
rightauth=eap-mschapv2
rightsourceip=10.10.10.0/24
rightdns=8.8.8.8,8.8.4.4
rightsendcert=never
eap_identity=%identity
ike=aes256-sha1-modp1024,3des-sha1-modp1024!
esp=aes256-sha1,3des-sha1!
On iOS use this code:
class VpnManager {
let vpnManager = NEVPNManager.shared()
let info = VPNINFO()
func connectToVPN() {
vpnManager.loadFromPreferences { error in
guard error == nil else {
print(error)
return
}
let IKEv2Protocol = NEVPNProtocolIKEv2()
IKEv2Protocol.serverAddress = self.info.serverAddress
IKEv2Protocol.authenticationMethod = .certificate
let certificate = SecCertificateCreateWithData(nil, Data(base64Encoded: self.info.cert)! as CFData)!
let certificateData = SecCertificateCopyData(certificate) as Data
IKEv2Protocol.identityData = certificateData
self.vpnManager.protocolConfiguration = IKEv2Protocol
self.vpnManager.isEnabled = true
self.vpnManager.saveToPreferences { error in
guard error == nil else {
print(error)
return
}
do {
try self.vpnManager.connection.startVPNTunnel(
options: ([
NEVPNConnectionStartOptionUsername: "username",
NEVPNConnectionStartOptionPassword: KeychainWrapper.passwordRefForVPNID("MY_PASSWORD")
] as! [String: NSObject]))
} catch let error {
print(error)
}
}
}
}
}
Expected result:
Connected
Actual result:
Connection -> Disconnected
Last console logs:
Jun 4 15:44:51 charon: 06[NET] received packet: from <my ip>[500] to <server ip>[500] (304 bytes)
Jun 4 15:44:51 charon: 06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Jun 4 15:44:51 charon: 06[IKE] <my ip> is initiating an IKE_SA
Jun 4 15:44:51 charon: 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jun 4 15:44:51 charon: 06[IKE] local host is behind NAT, sending keep alives
Jun 4 15:44:51 charon: 06[IKE] remote host is behind NAT
Jun 4 15:44:51 charon: 06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
Jun 4 15:44:51 charon: 06[NET] sending packet: from <server ip>[500] to <my ip>[500] (328 bytes)
Jun 4 15:44:51 charon: 05[NET] received packet: from <my ip>[500] to <server ip>[500] (304 bytes)
Jun 4 15:44:51 charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Jun 4 15:44:51 charon: 05[IKE] <my ip> is initiating an IKE_SA
Jun 4 15:44:51 charon: 05[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jun 4 15:44:51 charon: 05[IKE] local host is behind NAT, sending keep alives
Jun 4 15:44:51 charon: 05[IKE] remote host is behind NAT
Jun 4 15:44:51 charon: 05[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
Jun 4 15:44:51 charon: 05[NET] sending packet: from <server ip>[500] to <my ip>[500] (328 bytes)
Jun 4 15:45:11 charon: 08[IKE] sending keep alive to <my ip>[500]
Jun 4 15:45:11 charon: 09[IKE] sending keep alive to <my ip>[500]
Jun 4 15:45:21 charon: 10[JOB] deleting half open IKE_SA with <my ip> after timeout
Jun 4 15:45:21 charon: 11[JOB] deleting half open IKE_SA with <my ip> after timeout
Your strongswan server is configured with the following encryption algorithm.
ike=aes256-sha1-modp1024,3des-sha1-modp1024!
esp=aes256-sha1,3des-sha1!
Solution
You need to specify the Cipher in NEVPNProtocolIKEv2 instance that is supported by VPN Server.
IKEv2Protocol.ikeSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256
IKEv2Protocol.ikeSecurityAssociationParameters.integrityAlgorithm = .SHA96
IKEv2Protocol.ikeSecurityAssociationParameters.diffieHellmanGroup = .group2
IKEv2Protocol.ikeSecurityAssociationParameters.lifetimeMinutes = 480
IKEv2Protocol.childSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256
IKEv2Protocol.childSecurityAssociationParameters.integrityAlgorithm = .SHA96
IKEv2Protocol.childSecurityAssociationParameters.diffieHellmanGroup = .group2
IKEv2Protocol.childSecurityAssociationParameters.lifetimeMinutes = 60
Related
everyone.
I have been learning istio and to understand how maxRequestsPerConnection works, I applied the manifest below.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: httpbin
spec:
host: httpbin
trafficPolicy:
connectionPool:
http:
maxRequestsPerConnection: 1
httpbin is a sample service of istio.
I thought maxRequestsPerConnection means how many http requests are allowed per one TCP Connection, and istio would close tcp connection after pod received one http request in this case.
After applying, I sent some http requests using telnet. I thought istio would accept the request once and then close the TCP connection, but istio didn't.
$ telnet httpbin 8000
Trying 10.76.12.133...
Connected to httpbin.default.svc.cluster.local.
Escape character is '^]'.
GET /get HTTP/1.1
User-Agent: Telnet [ja] (Linux)
Host: httpbin
HTTP/1.1 200 OK
server: envoy
date: Sun, 07 Nov 2021 14:14:16 GMT
content-type: application/json
content-length: 579
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 9
{
"args": {},
"headers": {
"Host": "httpbin",
"User-Agent": "Telnet [ja] (Linux)",
"X-B3-Parentspanid": "b042ad708e2a47a2",
"X-B3-Sampled": "1",
"X-B3-Spanid": "b6a08d45e1a1e15e",
"X-B3-Traceid": "fc23863eafb0322db042ad708e2a47a2",
"X-Envoy-Attempt-Count": "1",
"X-Forwarded-Client-Cert": "By=spiffe://cluster.local/ns/default/sa/httpbin;Hash=d9bb27f31fe44200f803dbe736419b4664b5b81045bb3811711119ca5ccf6a37;Subject=\"\";URI=spiffe://cluster.local/ns/default/sa/default"
},
"origin": "127.0.0.6",
"url": "http://httpbin/get"
}
GET /get HTTP/1.1
User-Agent: Telnet [ja] (Linux)
Host: httpbin
HTTP/1.1 200 OK
server: envoy
date: Sun, 07 Nov 2021 14:14:18 GMT
content-type: application/json
content-length: 579
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
{
"args": {},
"headers": {
"Host": "httpbin",
"User-Agent": "Telnet [ja] (Linux)",
"X-B3-Parentspanid": "85722c0d777e8537",
"X-B3-Sampled": "1",
"X-B3-Spanid": "31d2acc5348a6fc5",
"X-B3-Traceid": "d7ada94a092d681885722c0d777e8537",
"X-Envoy-Attempt-Count": "1",
"X-Forwarded-Client-Cert": "By=spiffe://cluster.local/ns/default/sa/httpbin;Hash=d9bb27f31fe44200f803dbe736419b4664b5b81045bb3811711119ca5ccf6a37;Subject=\"\";URI=spiffe://cluster.local/ns/default/sa/default"
},
"origin": "127.0.0.6",
"url": "http://httpbin/get"
}
After this, I sent http request ten times using fortio, and I got the same result.
$ kubectl exec "$FORTIO_POD" -c fortio -- /usr/bin/fortio load -c 1 -qps 0 -n 10 -loglevel Warning http://httpbin:8000/get
14:22:56 I logger.go:127> Log level is now 3 Warning (was 2 Info)
Fortio 1.17.1 running at 0 queries per second, 2->2 procs, for 10 calls: http://httpbin:8000/get
Starting at max qps with 1 thread(s) [gomax 2] for exactly 10 calls (10 per thread + 0)
Ended after 106.50891ms : 10 calls. qps=93.889
Aggregated Function Time : count 10 avg 0.010648204 +/- 0.01639 min 0.003757335 max 0.059256801 sum 0.106482036
# range, mid point, percentile, count
>= 0.00375734 <= 0.004 , 0.00387867 , 30.00, 3
> 0.004 <= 0.005 , 0.0045 , 70.00, 4
> 0.005 <= 0.006 , 0.0055 , 80.00, 1
> 0.012 <= 0.014 , 0.013 , 90.00, 1
> 0.05 <= 0.0592568 , 0.0546284 , 100.00, 1
# target 50% 0.0045
# target 75% 0.0055
# target 90% 0.014
# target 99% 0.0583311
# target 99.9% 0.0591642
Sockets used: 1 (for perfect keepalive, would be 1)
Jitter: false
Code 200 : 10 (100.0 %)
Response Header Sizes : count 10 avg 230.1 +/- 0.3 min 230 max 231 sum 2301
Response Body/Total Sizes : count 10 avg 824.1 +/- 0.3 min 824 max 825 sum 8241
All done 10 calls (plus 0 warmup) 10.648 ms avg, 93.9 qps
$
In my understanding, the message Sockets used: 1 (for perfect keepalive, would be 1) means fortio used only one TCP connection.
I guessed clients used different tcp connection for each http requests first, but if it is true, telnet connection was not closed by foreign host and fortio used ten tcp connections.
Please teach me what the function of maxRequestsPerConnection is.
Zuul not routing to student-service which is registered in Eureka Server.
using Greenwich.SR1
bootstrap.yml
server:
port: 17005
# Eureka server details and its refresh time
eureka:
instance:
leaseRenewalIntervalInSeconds: 1
leaseExpirationDurationInSeconds: 2
client:
registry-fetch-interval-seconds: 30
serviceUrl:
defaultZone: http://localhost:8761/eureka/
healthcheck:
enabled: true
lease:
duration: 5
instance:
lease-expiration-duration-in-seconds: 5
lease-renewal-interval-in-seconds: 30
# Current service name to be used by the eureka server
spring:
application:
name: app-gateway
# Microservices routing configuration
zuul:
routes:
students:
path: /students/**
serviceId: student-service
host:
socket-timeout-millis: 30000
hystrix:
command:
default:
execution:
isolation:
thread:
timeoutInMilliseconds: 30000
I've added PreFilter to log the request from UI. Whenever the request from UI hits the Zuul - I observe the below in logs but no proceeding after - Not getting routed to the student-service.
Request Method : GET Request URL : http://localhost:17005/students/School2
2019-04-26 21:45:54.314 INFO 18196 --- [o-17005-exec-10] c.netflix.config.ChainedDynamicProperty : Flipping property: student-service.ribbon.ActiveConnectionsLimit to use NEXT property: niws.loadbalancer.availabilityFilteringRule.activeConnectionsLimit = 2147483647
2019-04-26 21:45:54.387 INFO 18196 --- [o-17005-exec-10] c.n.u.concurrent.ShutdownEnabledTimer : Shutdown hook installed for: NFLoadBalancer-PingTimer-student-service
2019-04-26 21:45:54.387 INFO 18196 --- [o-17005-exec-10] c.netflix.loadbalancer.BaseLoadBalancer : Client: student-service instantiated a LoadBalancer: DynamicServerListLoadBalancer:{NFLoadBalancer:name=student-service,current list of Servers=[],Load balancer stats=Zone stats: {},Server stats: []}ServerList:null
2019-04-26 21:45:54.682 INFO 18196 --- [o-17005-exec-10] c.n.l.DynamicServerListLoadBalancer : Using serverListUpdater PollingServerListUpdater
2019-04-26 21:45:54.720 INFO 18196 --- [o-17005-exec-10] c.netflix.config.ChainedDynamicProperty : Flipping property: student-service.ribbon.ActiveConnectionsLimit to use NEXT property: niws.loadbalancer.availabilityFilteringRule.activeConnectionsLimit = 2147483647
2019-04-26 21:45:54.723 INFO 18196 --- [o-17005-exec-10] c.n.l.DynamicServerListLoadBalancer : DynamicServerListLoadBalancer for client student-service initialized: DynamicServerListLoadBalancer:{NFLoadBalancer:name=student-service,current list of Servers=[192.168.56.1:56567],Load balancer stats=Zone stats: {defaultzone=[Zone:defaultzone; Instance count:1; Active connections count: 0; Circuit breaker tripped count: 0; Active connections per server: 0.0;]
},Server stats: [[Server:192.168.56.1:56567; Zone:defaultZone; Total Requests:0; Successive connection failure:0; Total blackout seconds:0; Last connection made:Thu Jan 01 05:30:00 IST 1970; First connection made: Thu Jan 01 05:30:00 IST 1970; Active Connections:0; total failure count in last (1000) msecs:0; average resp time:0.0; 90 percentile resp time:0.0; 95 percentile resp time:0.0; min resp time:0.0; max resp time:0.0; stddev resp time:0.0]
]}ServerList:org.springframework.cloud.netflix.ribbon.eureka.DomainExtractingServerList#42abe3b4
2019-04-26 21:45:55.742 INFO 18196 --- [erListUpdater-0] c.netflix.config.ChainedDynamicProperty : Flipping property: student-service.ribbon.ActiveConnectionsLimit to use NEXT property: niws.loadbalancer.availabilityFilteringRule.activeConnectionsLimit = 2147483647
There is no exception trace in the Microservices.
The response to UI:
type=Not Found, status=404
Please help on establishing this routing.
I'm trying to perform a refund on Paypal developer account but I keep getting errors while trying to run this command via powershell:
$certpath="E:\AAAA\cert_key.pem"
curl -v -E $certpath -F content=C:\Users\AAA\Desktop\res.xml;type=text/xml" https://api.sandbox.paypal.com/2.0/
The Content of the XML are as below which i took from paypal developer site:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/1999/XMLSchema"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Header>
<RequesterCredentials xmlns="urn:ebay:api:PayPalAPI" SOAP-ENV:mustUnderstand="1">
<Credentials xmlns="urn:ebay:apis:eBLBaseComponents">
<Username>username</Username>
<Password>password</Password>
<Subject/>
</Credentials>
</RequesterCredentials>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<RefundTransactionReq xmlns="urn:ebay:api:PayPalAPI">
<RefundTransactionRequest xsi:type="ns:RefundTransactionRequestType">
<Version xmlns="urn:ebay:apis:eBLBaseComponents" xsi:type="xsd:string">1.0</Version>
<TransactionID xsi:type="ebl:TransactionId">3P573784GG4876055</TransactionID>
<RefundType>Full</RefundType>
<Memo>Shell script FULL refund example</Memo>
</RefundTransactionRequest>
</RefundTransactionReq>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
But i keep getting below error:
curl : * timeout on name lookup is not supported
At line:2 char:1
+ curl -v -E $certpath -F "content=C:\Users\MICHELANGELO\Desktop\res.xml;type=text ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (* timeout on na...s not supported:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
* Trying 173.0.82.78...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Connected to api.sandbox.paypal.com (173.0.82.78) port 443 (#0)
* schannel: SSL/TLS connection with api.sandbox.paypal.com port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 173 bytes...
* schannel: sent initial handshake data: sent 173 bytes
* schannel: SSL/TLS connection with api.sandbox.paypal.com port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with api.sandbox.paypal.com port 443 (step 2/3)
* schannel: encrypted data buffer: offset 4071 length 4096
* schannel: a client certificate has been requested
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* schannel: SSL/TLS connection with api.sandbox.paypal.com port 443 (step 2/3)
* schannel: encrypted data buffer: offset 4071 length 5095
* schannel: sending next handshake data: sending 365 bytes...
* schannel: SSL/TLS connection with api.sandbox.paypal.com port 443 (step 2/3)
* schannel: encrypted data buffer: offset 91 length 5095
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with api.sandbox.paypal.com port 443 (step 3/3)
> POST /2.0/ HTTP/1.1
> Host: api.sandbox.paypal.com
> User-Agent: curl/7.51.0
> Accept: */*
> Content-Length: 203
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=------------------------f4cd70d3c58d2816
>
0 203 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
* Done waiting for 100-continue
} [203 bytes data]
* schannel: client wants to read 16384 bytes
* schannel: encdata_buffer resized 17408
* schannel: encrypted data buffer: offset 0 length 17408
* schannel: Curl_read_plain returned CURLE_RECV_ERROR
* schannel: encrypted data buffer: offset 0 length 17408
* schannel: encrypted data buffer: offset 0 length 17408
* schannel: decrypted data buffer: offset 0 length 4096
* schannel: schannel_recv cleanup
* Curl_http_done: called premature == 1
100 203 0 0 100 203 0 92 0:00:02 0:00:02 --:--:-- 92
* Closing connection 0
* schannel: shutting down SSL/TLS connection with api.sandbox.paypal.com port 443
* Send failure: Connection was reset
* schannel: failed to send close msg: Failed sending data to the peer (bytes written: -1)
* schannel: clear security context handle
curl: (56) Send failure: Connection was reset
Any help would be really appreciated.
analyse named.stats file On Solaris 10, SunOS azalea 5.10 Generic_150400-13 sun4u sparc SUNW,Sun-Fire-V490
perl version: v5.8.4 built for sun4-solaris-64int
BIND 9.9.5-P1, this dns has view zone!
When I ran zabbix_bind.9.6_stats.pl script, the date in the first line of the result file zabbix_named.stats.txt is wrong.
Input file: named.stats
+++ Statistics Dump +++ (1411256097)
++ Incoming Requests ++
245677755 QUERY
11 IQUERY
131 NOTIFY
5 UPDATE
++ Incoming Queries ++
7 RESERVED0
214646337 A
195659 NS
194834 CNAME
67573 SOA
11863353 PTR
13 HINFO
311508 MX
80961 TXT
17684359 AAAA
313197 SRV
35 NAPTR
1026 A6
377 DS
2 NSEC
16 DNSKEY
2658 SPF
6 AXFR
317449 ANY
14 Others
++ Outgoing Queries ++
[View: GLU]
97641561 A
913138 NS
1668 CNAME
3496 SOA
584400 PTR
215941 MX
222061 TXT
8968008 AAAA
10839 SRV
74 DS
1 DNSKEY
11600 ANY
[View: Other]
[View: _bind]
++ Name Server Statistics ++
245679139 IPv4 requests received
6939549 requests with EDNS(0) received
29010 requests with TSIG received
56072 TCP requests received
1735225 auth queries rejected
50400546 recursive queries rejected
6 transfer requests rejected
231559258 responses sent
39867 truncated responses sent
6886241 responses with EDNS(0) sent
28879 responses with TSIG sent
134630025 queries resulted in successful answer
7564120 queries resulted in authoritative answer
145275533 queries resulted in non authoritative answer
33203 queries resulted in referral answer
8608506 queries resulted in nxrrset
26580073 queries resulted in SERVFAIL
9569385 queries resulted in NXDOMAIN
86774948 queries caused recursion
12879202 duplicate queries received
1239821 queries dropped
52135771 other query failures
++ Zone Maintenance Statistics ++
130 IPv4 notifies received
4114 IPv4 SOA queries sent
20 IPv4 AXFR requested
10 IPv4 IXFR requested
30 transfer requests succeeded
++ Resolver Statistics ++
[Common]
223764 mismatch responses received
[View: GLU]
108570571 IPv4 queries sent
76450226 IPv4 responses received
519727 NXDOMAIN received
150555 SERVFAIL received
50543 FORMERR received
394845 other errors received
64245 EDNS(0) query failures
6679270 truncated responses received
77150 lame delegations received
39157947 query retries
32176451 query timeouts
2446839 IPv4 NS address fetches
131398 IPv4 NS address fetch failed
10663 queries with RTT < 10ms
55311397 queries with RTT 10-100ms
17022288 queries with RTT 100-500ms
3465431 queries with RTT 500-800ms
455258 queries with RTT 800-1600ms
12639 queries with RTT > 1600ms
[View: Other]
[View: _bind]
++ Cache DB RRsets ++
[View: GLU (Cache: GLU)]
20848 A
28539 NS
4810 CNAME
4 SOA
140 PTR
4 MX
18 TXT
1523 AAAA
1 SRV
167 DS
774 RRSIG
423 NSEC
1 DNSKEY
20 !A
5 !TXT
314 !AAAA
237 NXDOMAIN
[View: Other (Cache: Other)]
[View: _bind (Cache: _bind)]
++ Socket I/O Statistics ++
101917427 UDP/IPv4 sockets opened
6679398 TCP/IPv4 sockets opened
101934142 UDP/IPv4 sockets closed
6736965 TCP/IPv4 sockets closed
32659 UDP/IPv4 socket bind failures
1614 TCP/IPv4 socket connect failures
101889277 UDP/IPv4 connections established
6417057 TCP/IPv4 connections established
622 TCP/IPv4 connection accept failures
57536 TCP/IPv4 connections accepted
5 TCP/IPv4 send errors
173008 UDP/IPv4 recv errors
37707 TCP/IPv4 recv errors
++ Per Zone Query Statistics ++
[0.0.127.in-addr.arpa (view: GLU)]
27 queries resulted in successful answer
164 queries resulted in authoritative answer
137 queries resulted in NXDOMAIN
[160.192.222.in-addr.arpa (view: GLU)]
141 queries resulted in successful answer
792 queries resulted in authoritative answer
651 queries resulted in NXDOMAIN
[0.0.127.in-addr.arpa (view: Other)]
[160.192.222.in-addr.arpa (view: Other)]
92115 queries resulted in successful answer
106915 queries resulted in authoritative answer
123 queries resulted in nxrrset
14677 queries resulted in NXDOMAIN
[glu.edu.cn (view: Other)]
5 transfer requests rejected
1764308 queries resulted in successful answer
2849091 queries resulted in authoritative answer
574347 queries resulted in nxrrset
510456 queries resulted in NXDOMAIN
[version.bind (view: _bind)]
264 queries resulted in successful answer
264 queries resulted in authoritative answer
[hostname.bind (view: _bind)]
3 queries resulted in successful answer
3 queries resulted in authoritative answer
[authors.bind (view: _bind)]
[id.server (view: _bind)]
--- Statistics Dump --- (1411256097)
+++ Statistics Dump +++ (1411256113)
++ Incoming Requests ++
245678141 QUERY
11 IQUERY
131 NOTIFY
5 UPDATE
++ Incoming Queries ++
7 RESERVED0
214646692 A
195659 NS
194834 CNAME
67578 SOA
11863360 PTR
13 HINFO
311512 MX
80961 TXT
17684371 AAAA
313199 SRV
35 NAPTR
1026 A6
377 DS
2 NSEC
16 DNSKEY
2658 SPF
6 AXFR
317450 ANY
14 Others
++ Outgoing Queries ++
[View: GLU]
97641832 A
913147 NS
1668 CNAME
3496 SOA
584400 PTR
215944 MX
222061 TXT
8968013 AAAA
10839 SRV
74 DS
1 DNSKEY
11600 ANY
[View: Other]
[View: _bind]
++ Name Server Statistics ++
245679525 IPv4 requests received
6939573 requests with EDNS(0) received
29010 requests with TSIG received
56072 TCP requests received
1735231 auth queries rejected
50400606 recursive queries rejected
6 transfer requests rejected
231559636 responses sent
39867 truncated responses sent
6886265 responses with EDNS(0) sent
28879 responses with TSIG sent
134630301 queries resulted in successful answer
7564152 queries resulted in authoritative answer
145275810 queries resulted in non authoritative answer
33203 queries resulted in referral answer
8608514 queries resulted in nxrrset
26580076 queries resulted in SERVFAIL
9569410 queries resulted in NXDOMAIN
86775072 queries caused recursion
12879204 duplicate queries received
1239821 queries dropped
52135837 other query failures
++ Zone Maintenance Statistics ++
130 IPv4 notifies received
4114 IPv4 SOA queries sent
20 IPv4 AXFR requested
10 IPv4 IXFR requested
30 transfer requests succeeded
++ Resolver Statistics ++
[Common]
223769 mismatch responses received
[View: GLU]
108570859 IPv4 queries sent
76450431 IPv4 responses received
519730 NXDOMAIN received
150555 SERVFAIL received
50543 FORMERR received
394845 other errors received
64245 EDNS(0) query failures
6679285 truncated responses received
77150 lame delegations received
39158038 query retries
32176528 query timeouts
2446848 IPv4 NS address fetches
131398 IPv4 NS address fetch failed
10663 queries with RTT < 10ms
55311569 queries with RTT 10-100ms
17022314 queries with RTT 100-500ms
3465436 queries with RTT 500-800ms
455260 queries with RTT 800-1600ms
12639 queries with RTT > 1600ms
[View: Other]
[View: _bind]
++ Cache DB RRsets ++
[View: GLU (Cache: GLU)]
20863 A
28540 NS
4848 CNAME
4 SOA
140 PTR
4 MX
18 TXT
1523 AAAA
1 SRV
167 DS
774 RRSIG
423 NSEC
1 DNSKEY
20 !A
5 !TXT
307 !AAAA
240 NXDOMAIN
[View: Other (Cache: Other)]
[View: _bind (Cache: _bind)]
++ Socket I/O Statistics ++
101917700 UDP/IPv4 sockets opened
6679413 TCP/IPv4 sockets opened
101934409 UDP/IPv4 sockets closed
6736981 TCP/IPv4 sockets closed
32659 UDP/IPv4 socket bind failures
1614 TCP/IPv4 socket connect failures
101889550 UDP/IPv4 connections established
6417072 TCP/IPv4 connections established
622 TCP/IPv4 connection accept failures
57537 TCP/IPv4 connections accepted
5 TCP/IPv4 send errors
173008 UDP/IPv4 recv errors
37707 TCP/IPv4 recv errors
++ Per Zone Query Statistics ++
[0.0.127.in-addr.arpa (view: GLU)]
27 queries resulted in successful answer
164 queries resulted in authoritative answer
137 queries resulted in NXDOMAIN
[160.192.222.in-addr.arpa (view: GLU)]
141 queries resulted in successful answer
792 queries resulted in authoritative answer
651 queries resulted in NXDOMAIN
[glu.edu.cn (view: GLU)]
390933 queries resulted in successful answer
485439 queries resulted in authoritative answer
56638 queries resulted in nxrrset
37870 queries resulted in NXDOMAIN
[0.0.127.in-addr.arpa (view: Other)]
[160.192.222.in-addr.arpa (view: Other)]
92115 queries resulted in successful answer
106915 queries resulted in authoritative answer
123 queries resulted in nxrrset
14677 queries resulted in NXDOMAIN
[glu.edu.cn (view: Other)]
5 transfer requests rejected
1764319 queries resulted in successful answer
2849104 queries resulted in authoritative answer
574349 queries resulted in nxrrset
510456 queries resulted in NXDOMAIN
[GLU.cn (view: Other)]
1 transfer requests rejected
63626 queries resulted in successful answer
243178 queries resulted in authoritative answer
42873 queries resulted in nxrrset
136679 queries resulted in NXDOMAIN
[version.bind (view: _bind)]
264 queries resulted in successful answer
264 queries resulted in authoritative answer
[hostname.bind (view: _bind)]
3 queries resulted in successful answer
3 queries resulted in authoritative answer
[authors.bind (view: _bind)]
[id.server (view: _bind)]
--- Statistics Dump --- (1411256113)
Output file: /tmp/zabbix_named.stats.txt
date: 0 Thu Jan 1 08:00:00 1970
Per_Zone_Query_Statistics_Zone_0.0.127.in-addr.arpa__view__GLU__queries_resulted_in_NXDOMAIN: 137
Per_Zone_Query_Statistics_Zone_0.0.127.in-addr.arpa__view__GLU__queries_resulted_in_authoritative_answer: 164
Per_Zone_Query_Statistics_Zone_0.0.127.in-addr.arpa__view__GLU__queries_resulted_in_successful_answer: 27
Per_Zone_Query_Statistics_Zone_160.192.222.in-addr.arpa__view__CERNET__queries_resulted_in_NXDOMAIN: 32er: 423
Per_Zone_Query_Statistics_Zone_160.192.222.in-addr.arpa__view__GLU__queries_resulted_in_NXDOMAIN: 651
Per_Zone_Query_Statistics_Zone_160.192.222.in-addr.arpa__view__GLU__queries_resulted_in_authoritative_answer: 792
Per_Zone_Query_Statistics_Zone_160.192.222.in-addr.arpa__view__GLU__queries_resulted_in_successful_answer: 141
Per_Zone_Query_Statistics_Zone_160.192.222.in-addr.arpa__view__Other__queries_resulted_in_NXDOMAIN: 14678
Per_Zone_Query_Statistics_Zone_160.192.222.in-addr.arpa__view__Other__queries_resulted_in_authoritative_answer: 106920
Per_Zone_Query_Statistics_Zone_160.192.222.in-addr.arpa__view__Other__queries_resulted_in_nxrrset: 124
Per_Zone_Query_Statistics_Zone_160.192.222.in-addr.arpa__view__Other__queries_resulted_in_successful_answer: 92118
Per_Zone_Query_Statistics_Zone_glu.edu.cn__view__GLU__queries_resulted_in_NXDOMAIN: 37890
Per_Zone_Query_Statistics_Zone_glu.edu.cn__view__GLU__queries_resulted_in_authoritative_answer: 485515
Per_Zone_Query_Statistics_Zone_glu.edu.cn__view__GLU__queries_resulted_in_nxrrset: 56662
Per_Zone_Query_Statistics_Zone_glu.edu.cn__view__GLU__queries_resulted_in_successful_answer: 390965
Per_Zone_Query_Statistics_Zone_glu.edu.cn__view__Other__queries_resulted_in_NXDOMAIN: 510477
Per_Zone_Query_Statistics_Zone_glu.edu.cn__view__Other__queries_resulted_in_authoritative_answer: 2849383
Per_Zone_Query_Statistics_Zone_glu.edu.cn__view__Other__queries_resulted_in_nxrrset: 574397
Per_Zone_Query_Statistics_Zone_glu.edu.cn__view__Other__queries_resulted_in_successful_answer: 1764529
Per_Zone_Query_Statistics_Zone_glu.edu.cn__view__Other__transfer_requests_rejected: 5
Per_Zone_Query_Statistics_Zone_hostname.bind__view___bind__queries_resulted_in_authoritative_answer: 3
Per_Zone_Query_Statistics_Zone_hostname.bind__view___bind__queries_resulted_in_successful_answer: 3
Per_Zone_Query_Statistics_Zone_version.bind__view___bind__queries_resulted_in_authoritative_answer: 266
Per_Zone_Query_Statistics_Zone_version.bind__view___bind__queries_resulted_in_successful_answer: 266
zabbix_bind.9.6_stats.pl (from https://www.zabbix.com/forum/showthread.php?t=38970):
#!/usr/bin/perl
# Dmitry Maksimov 5.02.2013 dima_dm#hotmail.com
# bind 9.6.X and high statistics for Zabbix
#######
# Need!!! perl-suidperl-5.8.5-36.el4_6.3.i386.rpm or later
# Permissions on script
# chmod 4755 zabbix_bind.9.6_stats.pl
# ls -l zabbix_bind.9.6_stats.pl
# -rwsr-xr-x 1 root root 2876 Feb 5 17:40 zabbix_bind.9.6_stats.pl
# Per Zone Query Statistics via Zabbix Low Level Descovery (LLD) (bind option zone-statistics yes) which is only available in Zabbix 2.0 and high.
#### Config ######
my $rndc = '/usr/local/bind9/sbin/rndc';
my $retry = 3; # if error
my $sleep = 5; # in sec
my $data = 10000; # in bytes, size of one statictics sample
my $maxsize
= 5000000; # in bytes $stats file maximum size. If size of file more, whis file ($stats) will be cleared.
my $stats = '/var/named/named.stats';
my $stat_file = '/tmp/zabbix_named.stats.txt';
#### End Config ###
#### Error Code ####
# 1 - OK
# 2 - Error
####################
my $i;
my $date = 0;
my $flag = 0;
my $stat_name = "";
my $zone = "";
my $text = "";
my $counter = "";
my $view = "";
my $code = 1;
my %RESULT = ();
my %ZONENAME = ();
delete #ENV{qw(IFS CDPATH ENV BASH_ENV)}; # Make %ENV safer
$ENV{'PATH'} = "/usr/local/bin:/bin:/usr/bin";
while ( $code > 0 && $i < $retry ) {
$i++;
$code = system("$rndc stats");
if ( $code > 0 ) { sleep($sleep); }
}
my $position = ( stat($stats) )[7];
if ( $position < $data ) {
$position = 0;
} else {
$position = $position - $data;
}
open( FILE, "$stats" );
seek( FILE, $position, 0 );
while (<FILE>) {
if (/^\+{3} Statistics Dump \+{3}\s+\((\d+)\)/) { $date = $1; $flag = 1; %RESULT = (); }
if (/^--- Statistics Dump ---/) { $flag = 0; }
if (/^\+{2}\s+(.*)?\s+(?=\+{2})/) {
$stat_name = $1;
$view = "";
if ( $stat_name eq "Per Zone Query Statistics" ) { $flag = 2; $zone = ""; }
}
if (/^\[View:\s+(.*)?(?=\])/) { $view = "_View_" . $1; }
if ( /^\[(.*)?(?=\])/ && $flag == 2 ) { $zone = "_Zone_" . $1; $zone =~ s#[^a-zA-Z0-9_\.\-]#_#g; }
if ( /^\s+(\d+)\s+(.*)?(?=\n)/ && $flag == 1 ) {
$text = $stat_name . $view . "_" . $2;
$counter = $1;
$text =~ s#[^a-zA-Z0-9_\.\-]#_#g;
$RESULT{$text} = $counter;
}
if ( /^\s+(\d+)\s+(.*)?(?=\n)/ && $flag == 2 ) {
$text = $stat_name . $zone . "_" . $2;
$counter = $1;
$text =~ s#[^a-zA-Z0-9_\.\-]#_#g;
$RESULT{$text} = $counter;
$ZONENAME{$zone} = 1;
}
}
close(FILE);
if ( ( stat($stats) )[7] > $maxsize ) {
open( FILE, ">$stats" );
close(FILE);
}
open( FILE, ">$stat_file" );
print FILE "date: $date ", scalar( localtime($date) ), "\n";
foreach $i ( sort( keys %RESULT ) ) {
print FILE "$i:\t$RESULT{$i}\n";
}
close(FILE);
if ( defined( $ARGV[0] ) && lc( $ARGV[0] ) eq "lld" ) {
print_lld();
} else {
if ( $code > 0 ) {
print "2\n";
} else {
print "1\n";
}
}
sub print_lld {
my $first = 1;
my $key = "";
print "{\n";
print "\t\"data\":[\n\n";
foreach $key ( keys %ZONENAME ) {
print "\t,\n" if not $first;
$first = 0;
print "\t{\n";
print "\t\t\"{#ZONENAME}\":\"$key\"\n";
print "\t}\n";
}
print "\n\t]\n";
print "}\n";
}
When I run it in Other machince, Date value is ok!
This machince: SunOS orchid 5.10 Generic_150400-13 sun4u sparc SUNW,Ultra-4
perl version: v5.8.4 built for sun4-solaris-64int
BIND 9.9.5-P1, But this dns has not view zone!
Input file: named.stats
+++ Statistics Dump +++ (1411352600)
++ Incoming Requests ++
331205 QUERY
++ Incoming Queries ++
174193 A
1045 NS
103 CNAME
760 SOA
103046 PTR
276 MX
18 TXT
41567 AAAA
49 SRV
286 A6
2 NSEC
9863 ANY
++ Outgoing Queries ++
[View: default]
190903 A
1443 NS
971 PTR
1225 AAAA
24 SRV
[View: _bind]
++ Name Server Statistics ++
331207 IPv4 requests received
177845 requests with EDNS(0) received
23 TCP requests received
38595 auth queries rejected
2468 recursive queries rejected
330359 responses sent
27 truncated responses sent
177847 responses with EDNS(0) sent
227691 queries resulted in successful answer
197399 queries resulted in authoritative answer
91628 queries resulted in non authoritative answer
41394 queries resulted in nxrrset
267 queries resulted in SERVFAIL
19942 queries resulted in NXDOMAIN
78029 queries caused recursion
851 duplicate queries received
41063 other query failures
++ Zone Maintenance Statistics ++
513 IPv4 SOA queries sent
++ Resolver Statistics ++
[Common]
[View: default]
194568 IPv4 queries sent
188556 IPv4 responses received
1113 NXDOMAIN received
91 SERVFAIL received
863 FORMERR received
30 other errors received
877 EDNS(0) query failures
274 truncated responses received
200 lame delegations received
16212 query retries
6142 query timeouts
28491 IPv4 NS address fetches
84 IPv4 NS address fetch failed
111 queries with RTT < 10ms
144059 queries with RTT 10-100ms
44047 queries with RTT 100-500ms
250 queries with RTT 500-800ms
3 queries with RTT 800-1600ms
[View: _bind]
++ Cache DB RRsets ++
[View: default]
1087 A
583 NS
191 CNAME
1 PTR
174 AAAA
21 DS
74 RRSIG
17 NSEC
1 !A
2 NXDOMAIN
[View: _bind (Cache: _bind)]
++ Socket I/O Statistics ++
194826 UDP/IPv4 sockets opened
277 TCP/IPv4 sockets opened
194826 UDP/IPv4 sockets closed
298 TCP/IPv4 sockets closed
19 UDP/IPv4 socket bind failures
194291 UDP/IPv4 connections established
48 TCP/IPv4 connections established
25 TCP/IPv4 connections accepted
87 UDP/IPv4 recv errors
++ Per Zone Query Statistics ++
--- Statistics Dump --- (1411352600)
Output file: /tmp/zabbix_named.stats.txt
date: 1411352600 Mon Sep 22 10:23:20 2014
Cache_DB_RRsets_View_default_A: 1087
Cache_DB_RRsets_View_default_AAAA: 174
Cache_DB_RRsets_View_default_CNAME: 191
Cache_DB_RRsets_View_default_DS: 21
Cache_DB_RRsets_View_default_NS: 583
Cache_DB_RRsets_View_default_NSEC: 17
Cache_DB_RRsets_View_default_NXDOMAIN: 2
Cache_DB_RRsets_View_default_PTR: 1
Cache_DB_RRsets_View_default_RRSIG: 74
Cache_DB_RRsets_View_default__A: 1
Incoming_Queries_A: 174193
Incoming_Queries_A6: 286
Incoming_Queries_AAAA: 41567
Incoming_Queries_ANY: 9863
Incoming_Queries_CNAME: 103
Incoming_Queries_MX: 276
Incoming_Queries_NS: 1045
Incoming_Queries_NSEC: 2
Incoming_Queries_PTR: 103046
Incoming_Queries_SOA: 760
Incoming_Queries_SRV: 49
Incoming_Queries_TXT: 18
Incoming_Requests_QUERY: 331205
Name_Server_Statistics_IPv4_requests_received: 331207
Name_Server_Statistics_TCP_requests_received: 23
Name_Server_Statistics_auth_queries_rejected: 38595
Name_Server_Statistics_duplicate_queries_received: 851
Name_Server_Statistics_other_query_failures: 41063
Name_Server_Statistics_queries_caused_recursion: 78029
Name_Server_Statistics_queries_resulted_in_NXDOMAIN: 19942
Name_Server_Statistics_queries_resulted_in_SERVFAIL: 267
Name_Server_Statistics_queries_resulted_in_authoritative_answer: 197399
Name_Server_Statistics_queries_resulted_in_non_authoritative_answer: 91628
Name_Server_Statistics_queries_resulted_in_nxrrset: 41394
Name_Server_Statistics_queries_resulted_in_successful_answer: 227691
Name_Server_Statistics_recursive_queries_rejected: 2468
Name_Server_Statistics_requests_with_EDNS_0__received: 177845
Name_Server_Statistics_responses_sent: 330359
Name_Server_Statistics_responses_with_EDNS_0__sent: 177847
Name_Server_Statistics_truncated_responses_sent: 27
Outgoing_Queries_View_default_A: 190903
Outgoing_Queries_View_default_AAAA: 1225
Outgoing_Queries_View_default_NS: 1443
Outgoing_Queries_View_default_PTR: 971
Outgoing_Queries_View_default_SRV: 24
Resolver_Statistics_View_default_EDNS_0__query_failures: 877
Resolver_Statistics_View_default_FORMERR_received: 863
Resolver_Statistics_View_default_IPv4_NS_address_fetch_failed: 84
Resolver_Statistics_View_default_IPv4_NS_address_fetches: 28491
Resolver_Statistics_View_default_IPv4_queries_sent: 194568
Resolver_Statistics_View_default_IPv4_responses_received: 188556
Resolver_Statistics_View_default_NXDOMAIN_received: 1113
Resolver_Statistics_View_default_SERVFAIL_received: 91
Resolver_Statistics_View_default_lame_delegations_received: 200
Resolver_Statistics_View_default_other_errors_received: 30
Resolver_Statistics_View_default_queries_with_RTT_10-100ms: 144059
Resolver_Statistics_View_default_queries_with_RTT_100-500ms: 44047
Resolver_Statistics_View_default_queries_with_RTT_500-800ms: 250
Resolver_Statistics_View_default_queries_with_RTT_800-1600ms: 3
Resolver_Statistics_View_default_queries_with_RTT___10ms: 111
Resolver_Statistics_View_default_query_retries: 16212
Resolver_Statistics_View_default_query_timeouts: 6142
Resolver_Statistics_View_default_truncated_responses_received: 274
Socket_I_O_Statistics_TCP_IPv4_connections_accepted: 25
Socket_I_O_Statistics_TCP_IPv4_connections_established: 48
Socket_I_O_Statistics_TCP_IPv4_sockets_closed: 298
Socket_I_O_Statistics_TCP_IPv4_sockets_opened: 277
Socket_I_O_Statistics_UDP_IPv4_connections_established: 194291
Socket_I_O_Statistics_UDP_IPv4_recv_errors: 87
Socket_I_O_Statistics_UDP_IPv4_socket_bind_failures: 19
Socket_I_O_Statistics_UDP_IPv4_sockets_closed: 194826
Socket_I_O_Statistics_UDP_IPv4_sockets_opened: 194826
Zone_Maintenance_Statistics_IPv4_SOA_queries_sent: 513
The date in the output file is set to 0 initially, and then gets parsed from named.stats in this line of the script:
if (/^\+{3} Statistics Dump \+{3}\s+\((\d+)\)/) { $date = $1; $flag = 1; %RESULT = (); }
The date and time are recorded in named.stats in Unix time, the number of seconds after Jan 1st 1970.
If, for some reason, that line of the stats file does not match this expression, the date will not get set, and the script will assume that the date/time is 0, i.e. that it's Jan 1st 1970.
You will need to work out why the script is not finding the date correctly. Was named.stats available when the script ran? Did the script give any errors? Has your system clock stopped working so it thinks it's Jan 1st 1970 all the time? Etc.
If you add use strict; use warnings; to the top of the script (under the first line), this will enable warnings which will make it easier to track down errors.
Author of the script answer my question in zabbix forum:
that size оf one statistics sample < $data in Byte.
my $data=10000
I set to my $data > size оf named.stats.
It works fine.
thinks!
I am using ubuntu 12, nginx, uwsgi 1.9 with socket, django 1.5.
Config:
[uwsgi]
base_path = /home/someuser/web/
module = server.manage_uwsgi
uid = www-data
gid = www-data
virtualenv = /home/someuser
master = true
vacuum = true
harakiri = 20
harakiri-verbose = true
log-x-forwarded-for = true
profiler = true
no-orphans = true
max-requests = 10000
cpu-affinity = 1
workers = 4
reload-on-as = 512
listen = 3000
Client tests from Windows7:
C:\Users\user>C:\AppServ\Apache2.2\bin\ab.exe -c 255 -n 5000 http://www.someweb.com/about/
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking www.someweb.com (be patient)
Completed 500 requests
Completed 1000 requests
Completed 1500 requests
Completed 2000 requests
Completed 2500 requests
Completed 3000 requests
Completed 3500 requests
Completed 4000 requests
Completed 4500 requests
Finished 5000 requests
Server Software: nginx
Server Hostname: www.someweb.com
Server Port: 80
Document Path: /about/
Document Length: 1881 bytes
Concurrency Level: 255
Time taken for tests: 66.669814 seconds
Complete requests: 5000
Failed requests: 1
(Connect: 1, Length: 0, Exceptions: 0)
Write errors: 0
Total transferred: 10285000 bytes
HTML transferred: 9405000 bytes
Requests per second: 75.00 [#/sec] (mean)
Time per request: 3400.161 [ms] (mean)
Time per request: 13.334 [ms] (mean, across all concurrent requests)
Transfer rate: 150.64 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 8 207.8 1 9007
Processing: 10 3380 11480.5 440 54421
Waiting: 6 1060 3396.5 271 48424
Total: 11 3389 11498.5 441 54423
Percentage of the requests served within a certain time (ms)
50% 441
66% 466
75% 499
80% 519
90% 3415
95% 36440
98% 54407
99% 54413
100% 54423 (longest request)
I have set following options too:
echo 3000 > /proc/sys/net/core/netdev_max_backlog
echo 3000 > /proc/sys/net/core/somaxconn
So,
1) I make first 3000 requests super fast. I see progress in ab and in uwsgi requests logs -
[pid: 5056|app: 0|req: 518/4997] 80.114.157.139 () {30 vars in 378 bytes} [Thu Mar 21 12:37:31 2013] GET /about/ => generated 1881 bytes in 4 msecs (HTTP/1.0 200) 3 headers in 105 bytes (1 switches on core 0)
[pid: 5052|app: 0|req: 512/4998] 80.114.157.139 () {30 vars in 378 bytes} [Thu Mar 21 12:37:31 2013] GET /about/ => generated 1881 bytes in 4 msecs (HTTP/1.0 200) 3 headers in 105 bytes (1 switches on core 0)
[pid: 5054|app: 0|req: 353/4999] 80.114.157.139 () {30 vars in 378 bytes} [Thu Mar 21 12:37:31 2013] GET /about/ => generated 1881 bytes in 4 msecs (HTTP/1.0 200) 3 headers in 105 bytes (1 switches on core 0)
I dont have any broken pipes or worker respawns.
2) Next requests are running very slow or with some timeout. Looks like that some buffer becomes full and I am waiting before it becomes empty.
3) Some buffer becomes empty.
4) ~500 requests are processed super fast.
5) Some timeout.
6) see Nr. 4
7) see Nr. 5
8) see Nr. 4
9) see Nr. 5
....
....
Need your help
check with netstat and dmesg. You have probably exhausted ephemeral ports or filled the conntrack table.