You can modify the size of the hash table that the kernel uses to look up Transmission Control Protocol (TCP) control blocks. The inet subsystem attribute tcbhashsize specifies the number of hash buckets in the kernel TCP connection table (the number of buckets in the inpcb hash table).

Performance Benefits and Tradeoffs

The kernel must look up the connection block for every TCP packet it receives, so increasing the size of the table can speed the search and improve performance. This results in a small increase in pooled memory.

You can modify the tcbhashsize attribute without rebooting the system.

When to Tune

Increase the number of hash buckets in the kernel TCP connection table if you have an server.

Recommended Values

The default value of the tcbhashsize attribute is 512. For servers, set the tcbhashsize attribute to 16384.

2.2.2.2 Increasing the Number of TCP Hash Tables

You can increase the number of hash tables the kernel uses to look up TCP control blocks. Because the kernel must look up the connection block for every Transmission Control Protocol (TCP) packet it receives, a bottleneck may occur at the TCP hash table in SMP systems. Increasing the number of tables distributes the load and may improve performance. The inet subsystem attribute tcbhashnum specifies the number of TCP hash tables.

Performance Benefits and Tradeoffs

For SMP systems, you may be able to reduce hash table lock contention by increasing the number of hash tables that the kernel uses to look up TCP control blocks. This will slightly increase pooled memory.

You cannot modify the tcbhashnum attribute without rebooting the system.

When to Tune

Increase the number of TCP hash tables if you have an SMP system that is an server.

Recommended Values

The minimum value of the tcbhashnum attribute is 1 (the default). The maximum value is 64. For busy server SMP systems, you can increase the value of the tcbhashnum attribute to 16. If you increase this attribute, you should also increase the size of the hash table by a similar factor. See Section 2.2.2.1 for more information.

Compaq recommends that you make the value of the tcbhashnum attribute the same as the value of the inet subsystem attribute ipqs .

2.2.2.3 Increasing the Size of the Kernel Interface Alias Table

The inet subsystem attribute inifaddr_hsize specifies the number of hash buckets in the kernel interface alias table ( in_ifaddr ).

If a system is used as a server for many different server domain names, each of which is bound to a unique IP address, the code that matches arriving packets to the right server address uses the hash table to speed lookup operations for the IP addresses.

Performance Benefits and Tradeoffs

Increasing the number of hash buckets in the table can improve performance on systems that use large numbers of aliases.

When to Tune

Increase the number of hash buckets in the kernel interface alias table if your system uses large numbers of aliases.

You can modify the inifaddr_hsize attribute without rebooting the system.

Recommended Values

The default value of the inet subsystem attribute inifaddr_hsize is 32; the maximum value is 512.

For the best performance, the value of the inifaddr_hsize attribute is always rounded down to the nearest power of 2. If you are using more than 500 interface IP aliases, specify the maximum value of 512. If you are using fewer than 250 aliases, use the default value of 32. For a number of aliases between 250 and 500, use a value that is a power of 2 between 32 and 512.

2.2.2.4 Increasing the TCP Partial Connection Timeout Rate

If increasing the somaxconn limit does not prevent the listen queue from filling, or if the default grows to an excessive length, you can make partial connections time out sooner by decreasing the value of the inet subsystem attribute tcp_keepinit .

The tcp_keepinit attribute specifies the amount of time that a partial connection remains on the socket listen queue before it times out.

Performance Benefits and Tradeoffs

Network performance can degrade if a client overfills a socket listen queue with TCP SYN packets, thereby blocking other users from the queue. To eliminate this problem, increase the value of the sominconn attribute to its maximum value. If the system continues to drop SYN packets, decrease the value of the tcp_keepinit attribute to 30 (15 seconds). Monitor the values of the sobacklog_drops and somaxconn_drops attributes to determine whether the system is dropping packets. (See Section 2.3.2 for more information about event counters.)

You can modify the tcp_keepinit attribute without rebooting the system.

When to Tune

Modify the TCP partial-connection timeout limit only if the value of the somaxconn_drops attribute increases often. If this occurs, decrease the value of the tcp_keepinit attribute.

Recommended Values

The value of the tcp_keepinit attribute is in units of 0.5 seconds. The default value is 150 units (75 seconds). If the value of the sominconn attribute is 65535, use the default value of the tcp_keepinit attribute.

If you set the value of the tcp_keepinit attribute too low, you may prematurely break connections associated with clients on network paths that are slow or network paths that lose many packets. Do not set the value to less than 20 units (10 seconds).

2.2.2.5 Slowing TCP Retransmission Rate

The inet subsystem attribute tcp_rexmit_interval_min specifies the minimum amount of time before the first TCP retransmission.

Performance Benefits and Tradeoffs

You can increase the value of the tcp_rexmit_interval_min attribute to slow the rate of TCP retransmissions, which decreases congestion and improves performance.

You can modify the tcp_rexmit_interval_min attribute without rebooting the system.

When to Tune

Not every connection needs a long retransmission time. Usually, the default value is adequate. However, for some wide area networks (WANs), the default retransmission interval may be too small, causing premature retransmission timeouts. This may lead to duplicate transmission of packets and the erroneous invocation of the TCP congestion-control algorithms.

To check for retransmissions, use the netstat -p tcp command and examine the output for data packets retransmitted.

Recommended Values

The tcp_rexmit_interval_min attribute is specified in units of 0.5 second. The default value is 2 units (1 second).

Do not specify a value that is less than 1 unit. Do not change the attribute unless you fully understand TCP algorithms and your network topology.

2.2.2.6 Enabling the TCP Keepalive Function

The keepalive function enables the periodic transmission of messages on a connected socket in order to keep connections active. Sockets that do not exit cleanly are cleaned up when the keepalive interval expires. If keepalive is not enabled, those sockets continue to exist until you reboot the system.

Applications enable keepalive for sockets by setting the setsockopt function's SO_KEEPALIVE option. To override programs that do not set keepalive , or if you do not have access to the application sources, use the inet subsystem attribute tcp_keepalive_default to enable keepalive functionality.

Performance Benefit

Keepalive functionality cleans up sockets that do not exit cleanly when the keepalive interval expires.

You can modify the tcp_keepalive_default attribute without rebooting the system. However, sockets that already exist will continue to use old behavior, until the applications are restarted.

When to Tune

Enable keepalive if you require this functionality, and you do not have access to the source code.

Recommended Values

To override programs that do not set keepalive, or if you do not have access to application source code, set the inet subsystem attribute tcp_keepalive_default to 1 in order to enable keepalive for all sockets.

If you enable keepalive, you can also configure the following TCP options for each socket:

Table 2-4 TCP Keepalive Options

Option	Description
tcp_keepidle	Specifies the amount of idle time, in 0.5-second units, before sending a keepalive probe. The default interval is 75 seconds.
tcp_keepintvl	Specifies the amount of time, in 0.5-second units, between retransmission of keepalive probes. The default interval is 75 seconds.
tcp_keepcnt	Specifies the maximum number of keepalive probes that are sent before the connection is dropped. The default is 8 probes.
tcp_keepinit	Specifies the maximum amount of time, in 0.5-second units, before an initial connection attempt times out. The default is 75 seconds.

2.2.2.7 Increasing the Timeout Rate for TCP Connection Context

The TCP protocol includes a concept known as the Maximum Segment Lifetime (MSL). When a TCP connection enters the TIME_WAIT state, it must remain in this state for twice the value of the MSL; otherwise, undetected data errors on future connections can occur. The inet subsystem attribute tcp_msl determines the maximum lifetime of a TCP segment and the timeout value for the TIME_WAIT state.

In some situations, the default timeout value for the TIME_WAIT state (60 seconds) is too large, thereby reducing the value of the tcp_msl attribute frees connection resources sooner than the default setting.

Performance Benefits and Tradeoffs

You can decrease the value of the tcp_msl attribute to make the TCP connection context time out more quickly at the end of a connection. However, this will increase the chance of data corruption.

You can modify the tcp_msl attribute without rebooting the system.

When to Tune

Usually, you do not have to modify the timeout limit for the TCP connection context.

Recommended Values

The value of the tcp_msl attribute is set in units of 0.5 second. The default value is 60 units (30 seconds), which means that the TCP connection remains in TIME_WAIT state for 60 seconds, or twice the value of the MSL.

Do not reduce the value of the tcp_msl attribute unless you fully understand the design and behavior of your network and the TCP protocol. It is strongly recommended that you use the default value; otherwise, there is the potential for data corruption.

2.2.2.8 Modifying the Range of Outgoing Connection Ports

When a TCP or UDP application creates an outgoing connection, the kernel dynamically allocates a nonreserved port number for each connection. The kernel selects the port number from a range of values between the value of the inet subsystem attribute ipport_userreserved_min and the value of the ipport_userreserved attribute. Using the default values for these attributes, the range of outgoing ports starts at 49152 and stops at 65535.

Performance Benefits and Tradeoffs

Modifying the range of outgoing connections provides TCP and UDP applications with a specific range of ports.

You can modify the ipport_userreserved_min and ipport_userreserved attributes without rebooting the system.

When to Tune

If your system requires outgoing ports from a particular range, you can modify the values of the ipport_userreserved_min and ipport_userreserved attributes.

Recommended Values

The default value of the ipport_userreserved_min attribute is 49152. The default value of the ipport_userreserved is 65535. The maximum value of each attributes is 65535.

Do not reduce the ipport_userreserved attribute to a value that is less than 65535, and do not reduce the ipport_userreserved_min attribute to a value that is less than 49152.

2.2.2.9 Disabling Use of the PMTU Protocol

Packets transmitted between servers are fragmented into units of a specific size in order to ease transmission of the data over routers and small-packet networks, such as Ethernet networks. When the inet subsystem attribute pmtu_enabled is enabled (set to 1, which is the default behavior), the system determines the largest common path maximum transmission unit (PMTU) value between servers and uses it as the unit size. The system also creates a routing table entry for each client network that attempts to connect to the server.

Performance Benefits and Tradeoffs

If a server handles traffic among many remote clients, disabling the use of a PMTU can decrease the size of the kernel routing table, which improves server efficiency. However, on a server that handles local traffic and some remote traffic, disabling the use of a PMTU can degrade bandwidth.

When to Tune

If an server has poor performance and the routing table increases to more than 1000 entries, you should disable the use of PMTU. This is also recommended if you have a server that handles traffic among many remote clients.

Recommended Values

To disable the use of PMTU protocol, set the value of the pmtu_enabled attribute to 0.

2.3 Monitoring Servers

Two ways to monitor the behavior of your server and to diagnose performance problems are:

• Using the netstat command
  This command displays a list of active sockets for each network protocol, information about network routes, and cumulative statistics for network interfaces, including the number of incoming and outgoing packets and the number of packet collisions. The netstat command also displays information about memory used for network operations. For more information about monitoring the network, see Section 2.3.1 .
• Monitoring socket subsystem event counters
  The socket subsystem attributes sobacklog_hiwat , sobacklog_drops , and somaxconn_drops track events related to socket listen queues. By monitoring these attributes, you can determine if the queues are overflowing. See Section 2.3.2 for information more information about event counters.

The netstat command displays network statistics, including information about network routes and active sockets for each protocol. The command also displays cumulative statistics for network interfaces, including the number of incoming and outgoing packets and packet collisions, information about memory used for network operations, and statistics related to IP, ICMP, TCP, and UDP protocol layers. You can use the netstat command to identify problems by looking for large numbers of bad checksums, retransmissions, and error packets.

Some problems to look for are:

• If the output of the netstat -i command shows excessive amounts of input errors (Ierrs), output errors (Oerrs), or collisions (Coll), this may indicate a network problem; for example, cables may not be connected properly or the Ethernet may be saturated.
• The netstat -m command shows statistics for network-related data structures. Use this command to determine if the network is using an excessive amount of memory in proportion to the number of sockets in use.

The following example shows the output of the netstat -m command:

TCPIP> netstat -m 134 mbufs in use: 1 mbufs allocated to data 1 mbufs allocated to packet headers 24 mbufs allocated to socket structures (1) 35 mbufs allocated to protocol control blocks (2) 18 mbufs allocated to routing table entries 2 mbufs allocated to socket names and addresses 13 mbufs allocated to interface addresses 1 mbufs allocated to OpenVMS kernel table 2 mbufs allocated to OpenVMS ip multicast address 2 mbufs allocated to OpenVMS interface multicast addess 1 mbufs allocated to OpenVMS IFNET structure 3 mbufs allocated to OpenVMS TCPIP Timer structure 3 mbufs allocated to OpenVMS LAN VCI VCIB structure 1 mbufs allocated to OpenVMS LAN MCAST_REQ structure 5 mbufs allocated to OpenVMS SELECT structure 1 mbufs allocated to OpenVMS ACP AQB 1 mbufs allocated to OpenVMS ACP INETCB 1 mbufs allocated to OpenVMS Driver requested REQCB 19 mbufs allocated to OpenVMS ACP allocated SERV Structure

1. This line indicates there are 24 sockets in use (1 mbuf allocated for each socket).
2. There are two protocol control blocks allocated for each TCP socket and one protocol control block for each UDP socket. The 35 mbuf listed is a mix of PCBs allocated for TCP and UDP sockets. Output from the TCPIP SHOW DEVICE_SOCKET command will tell you how many TCP and UDP sockets are allocated.

By comparing the information output from the netstat -m and the TCPIP command SHOW DEVICE_SOCKET, you can estimate whether the system is using an excessive amount of memory for the number of allocated sockets.

If you sense that TCP/IP Services is using an excessive amount of memory for the number of sockets, there may be a memory leak. Capture the output from the netstat -m and the TCPIP SHOW DEVICE_SOCKET commands and save for documenting the condition.

The following table shows variations of the netstat command that can reveal network problems:

Command	Purpose
netstat -p ip	Checks for bad checksums, length problems, excessive redirects, and packets lost because of resource problems.
netstat -p tcp	Checks for retransmissions, out of order packets, and bad checksums.
netstat -p udp	Looks for bad checksums and full sockets.
netstat -rs	Obtains routing statistics.
netstat -s	Simultaneously displays statistics related to the IP, ICMP, TCP, and UDP protocol layers.
netstat -is	Checks for network device driver errors.

For more information about netstat , see Appendix A.

2.3.2 Displaying Socket Statistics

The socket subsystem has three attributes that monitor socket listen queue events:

• The sobacklog_hiwat attribute counts the maximum number of pending requests to any server socket.
• The sobacklog_drops attribute counts the number of times the system dropped a received SYN packet because the number of queued SYN_RCVD connections for a socket equaled the socket's backlog limit.
• The somaxconn_drops attribute counts the number of times the system dropped a received SYN packet because the number of queued SYN_RCVD connections for the socket equaled the upper limit on the backlog length ( somaxconn attribute).

The initial value of these attributes is 0. Use the sysconfig -q socket command to display the current attribute values. If the values show that the queues are overflowing, you may need to increase the socket listen queue limit.

The value of the sominconn attribute should equal the value of the somaxconn attribute. When these two attributes are equal, the value of somaxconn_drops will have the same value as sobacklog_drops .

However, if the value of the sominconn attribute is 0 (the default), and if one or more server applications uses an inadequate value for the backlog argument to its listen system call, the value of sobacklog_drops may increase at a rate that is faster than the rate at which the somaxconn_drops counter increases. If this occurs, you may want to increase the value of the sominconn attribute. See Section 2.2.1.2 for more information.