000020006 - ClearTrust: Large number of TIME_WAIT connections displayed in ClearTrust Authorization Server host

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000020006
Applies To: RSA ClearTrust 4.7.1 Authorization Server (AServer)
    RSA ClearTrust 4.7.1
    Sun Solaris 2.8
Issue: ClearTrust: Large number of TIME_WAIT connections displayed in ClearTrust Authorization Server host
Cause: After both the server and the client have closed a TCP connection, the Solaris operating system will, by default, wait 4 minutes before making the TCP port available again. This reduces the risk that another client using the same port receives packets intended for the original client.
Resolution: To reduce the number of connections in TIME_WAIT state at a given time, change the "tcp_time_wait_interval" parameter from 240000 milliseconds to 60000 ms (60 sec) using the following steps:

1. Use "netstat -naP tcp" or "netstat -naP tcp | grep TIME_WAIT" to look for TIME_WAIT connections.

2. Modify the parameter "tcp_time_wait_interval" using the following:
        "ndd -set /dev/tcp tcp_time_wait_interval 60000"

3. Confirm the parameter was updated properly by using the following:
        "ndd /dev/tcp tcp_time_wait_interval"
Legacy Article ID: a13844
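
To measure the effect of steps 1 to 3, the script below counts TIME_WAIT sockets per local port and checks the ndd reading against the intended value. It is an added example, not part of the original RSA article; the function names are hypothetical and the sample netstat output (addresses and ports included) is constructed.

```shell
#!/bin/sh
# Added example: before/after measurement for the tcp_time_wait_interval change.
# SAMPLE_NETSTAT is constructed text in the Solaris "netstat -naP tcp" layout;
# every address and port in it is made up.

SAMPLE_NETSTAT='TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.5615               *.*                0      0 24576      0 LISTEN
10.0.0.5.5615        10.0.0.21.40112      24820      0 24820      0 TIME_WAIT
10.0.0.5.5615        10.0.0.21.40113      24820      0 24820      0 TIME_WAIT
10.0.0.5.5615        10.0.0.22.51877      24820      0 24820      0 ESTABLISHED
10.0.0.5.5615        10.0.0.22.51870      24820      0 24820      0 TIME_WAIT
10.0.0.5.22          10.0.0.9.33012       24820      0 24820      0 TIME_WAIT'

# Count connections in a given TCP state; the state is the last column.
count_state() {
    awk -v want="$1" '$NF == want { n++ } END { print n + 0 }'
}

# TIME_WAIT sockets grouped by local port, busiest first, as "count port".
# Solaris joins address and port with a dot, so the port is the text after
# the last dot of column 1.
time_wait_by_local_port() {
    awk '$NF == "TIME_WAIT" { p = $1; sub(/.*\./, "", p); c[p]++ }
         END { for (p in c) print c[p], p }' | sort -k1,1nr -k2,2n
}

# Compare an ndd reading (milliseconds) with the intended value.
# Returns non-zero when they differ or the reading is not a number.
check_interval() {   # $1 = current value, $2 = expected value
    [ "$1" -eq "$2" ] 2>/dev/null
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | time_wait_by_local_port

# On the Solaris host itself (as root), feed the functions live data:
#   netstat -naP tcp | count_state TIME_WAIT
#   check_interval "$(ndd /dev/tcp tcp_time_wait_interval)" 60000 || echo "not applied"
```

A value set with "ndd -set" lasts only until the next reboot, so repeat the check from step 3 after the host restarts.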
