Can I make TCP/IP session to run less than 60 seconds?

Our server is overloaded with TCP/IP sessions, we have 1200 - 1500 of them. Most of them are hanging in TIME_OUT state. It turns out that a connection in TIME_OUT state occupies a socket until 60 second time-out is elapsed.

The problem is that the server gets unresponsive and many clients are not getting served.

I have made a simple test: download an XML file from the server with Internet Explorer 8.0 The download finishes in a fraction of second. But then I see that the TCP/IP connection is hanging in TIME_OUT state for 60 seconds.

Is there any way to get rid of TIME_OUT waiting or make it less to free the socket for new connections?

I understand why TCP/IP connection enters TIME_OUT state, but I don't understand why Internet Explorer does not close the connection after the XML file download is over.

The details.

Our server runs web service written in Perl (mod-perl). The service provides weather data to clients. Client is a Flash appication (actually Flash ActiveX control embedded in Windows application).

OS: Ubuntu

Apache "Keep Alive" option is set to 0


Solution 1:

This is a setting in your TCP stack. Since we don't know what platform you're on we can't say exactly what it's called and how to change it.

UPDATE

So you're using Ubuntu. You can use sysctl to reduce the net.inet.tcp.msl value to half the desired TIME_WAIT duration (in milliseconds -- see man -S 4 tcp), e.g. sysctl net.inet.tcp.msl=2500. Beware of the implications of doing so with respect to wandering packets that may arrive after the TIME_WAIT period elapses.

Solution 2:

I assume you mean TIME_WAIT. The peer that initiates the active close is the one that enters TIME_WAIT (see state transition diagram here) so if you can have your client close the connection then you'll move the TIME_WAIT off to the client. See this answer for more details and a link to a good article about TIME_WAIT problems and how to solve them.

Another alternative, if you cant have the client issue the active close, is to reset the connection by setting linger to false before closing it. This causes an RST to be sent rather than FIN.