Are you hitting Socket Resource Limits?

[braddock]

While well below my 256MB memory quota, I am finding that I am hitting socket resource limits fairly often (every time SpamAssassin runs I overrun dgramrcvbuf and numothersock). While I knew RAM would be a limited quantity, I was surprised at all of the other OpenVZ resource limitations that can be easilly hit.

I was wondering if any other users are hitting their socket resource limits?

You can tell if you are overrunning any virtual machine resource limits with:

grep -v ' 0$' /proc/user_beancounters

which will show you any resources which have exceeded their limit - ie, have a non-zero fail count (failcnt) in the last column.

In my case this is causing socket-related mail.log errors, and I fear dropped mail.

Does anyone else have any experience with how to manage within these limits?

-braddock

[kelvinn]

I'm only on a Link2, but on idle used to always use around 110 (in regards to the numothersock).

I requested from VPSLink that the limit be raised, however was notified I needed a Link3 account to reallocate resources. Since my VPS runs at around 50% utilization of memory, there isn't an immediate need to upgrade. It sounds like you are on a Link3, so maybe a support ticket would allow an official VPSLink person to upgrade your resources, I don't know.

I hunted the problem down to postfix, which I do like indeed, but it appears to hog sockets. Throwing out unneeded processes would shave about 20 used sockets, however I hate the idea of crippling postfix.

Eventually I needed to simply switch to exim4. Now I usually run at about 25 numothersock.

Are you using postfix?

Another tip for people to check what is hogging their sockets is lsof:

lsof -U

I look forward to hearing other responses

[Moonman]

What is "dgramrcvbuf" because i'm on a Link 4, and in the failcnt is "665"

[braddock]

Quote:

Originally Posted by Moonman

What is "dgramrcvbuf" because i'm on a Link 4, and in the failcnt is "665"

I found resource definitions at (not formatted correctly): http://forums.cacti.net/files/extend...n_data_202.txt

dgramrcvbuf = "The total size of receive buffers of UDP and other datagram protocols."

The corresponding tcprcvbuf defintion has a little more detail: "i.e. the amount of kernel memory allocated for the data received from the remote side, but not read by the local application yet."

My Link-3 barrier for dgramrcvbuf is set at 108000. If that means only 108 kbytes, then I'm not surprised that it is routinely exceeded!

numothersock = "The number of sockets other than TCP ones. Local
(UNIX-domain) sockets are used for communications inside the system. UDP
sockets are used, for example, for Domain Name Service (DNS) queries. UDP
and other sockets may also be used in some very specialized applications
(SNMP agents and others)."

My Link-3 numothersock limit is 256. From what I can find, on a "real" Linux kernel it is at least 4,096, and usually much higher.

[braddock]

Quote:

Originally Posted by kelvinn

I requested from VPSLink that the limit be raised, however was notified I needed a Link3 account to reallocate resources. Since my VPS runs at around 50% utilization of memory, there isn't an immediate need to upgrade. It sounds like you are on a Link3, so maybe a support ticket would allow an official VPSLink person to upgrade your resources, I don't know.

Thanks kelvinn. I did file a trouble ticket, but was told I would have to upgrade to Link4 to increase the limit. Since moonman is on Link4 and is at least still hitting the dgramrcvbuf limit, I'm not sure even that will help.

You are entirely correct about the numothersock limit excesses being due to postfix. Postfix master is using a lot of sockets to talk to its various children. Thanks for that 'lsof -U' gem.

However, I've now made enough tweaks (below) that I don't seem to be routinely exceeding the socket number limit. But that dgramrcvbuf buffer size limit is tougher...spamassassin still exceeds that fairly regularly.

Here is a set of tweaks that I did to limit my socket usage...not by much, but after a few hours at least I haven't exceeded my numothersock socket count:

Tweaking the number of sockets used down:

1) Make dovecot use a single login process.

Edit /etc/dovecot/dovecot.conf, add line:
login_processes_count = 1
(instead of the default of 5)
saves about 10 sockets in the numothersock resource.
/etc/init.d/dovecot restart

2) Make spamassassin use a single process thread:

Edit /etc/default/spamassassin, set '--max-children 1'
Saves at least 3 sockets, probably much more when spam is run through.
/etc/init.d/spamassassin restart

3) Make saslauthd use a single thread (instead of default 5)
Edit /etc/default/saslauthd and add "-n 1" to the PARAMS line.

Note that /etc/init.d/saslauthd stop failes to work. I had to do a
'killall saslauthd' and then '/etc/init.d/saslauthd start'
Saves possibly 8 sockets.

I also tried stopping the spamassassin daemon entirely, and just having procmail run it stand-alone hoping that would cut down on IPC...but to no avail, dgramrcvbuf is still hitting the limit at least half the time.

[pablasso]

maybe you could avoid using spamassassin as it is such a hogger

http://www.freesoftwaremagazine.com/..._spam_postfix/

[vpslinkdotcom]

Guys,

Thanks for bringing this to my attention. We're going to be pushing out new values in short order. There was a fairly high incident rate of failure with dgramrcvbuf.

[Moonman]

Thanks guys, it just keeps getting better

[braddock]

Quote:

Originally Posted by vpslinkdotcom

We're going to be pushing out new values in short order.

Nifty! Can't wait to see the new values.

pablasso - thanks for that anti-spam article tip. I didn't think it was possible without SpamAssassin (my host receives over 10k spam attempts per day), but simple greylisting, HELO restrictions, and RBL's have entirely eliminated any spam.

[braddock]

Quote:

Originally Posted by vpslinkdotcom

We're going to be pushing out new values in short order. There was a fairly high incident rate of failure with dgramrcvbuf.

Any update on when the more realistic socket limit values will be pushed out?

I've been logging my beans file for a couple weeks, and hit the dgramrcvbuf limit about once or twice every day with a fairly minimal mail server setup on a Link 3 VPS.

I worry about a key piece of e-mail getting glitched...