greetings!
i setup a new tor exit server and am seeing this in the log messages:
18:25:01 [WARN] Failing because we have 1352 connections already. Please read doc/TUNING for guidance. [11430 similar message(s) suppressed in last 21600 seconds]
any ideas why?
this is happening on a shared VPS, running ubuntu 16.04 and tor v0.2.8.8. i'm starting to think it's some limitation by the VPS provider.
uname -a shows a old kernel (possibly centos 6):
Linux km14133-25 2.6.32-042stab113.21 #1 SMP Wed Mar 23 11:05:25 MSK 2016 x86_64 x86_64 x86_64 GNU/Linux
i've made sure tor has enough "max open files" available via limits.conf:
# cat /proc/$(pgrep tor)/limits|grep "open files" Max open files 65536 65536 files
i'm starting to scratch my head. maybe i should do some intense debugging on this box..
cheers, david
Hello David,
Am 27.09.2016 um 19:47 schrieb David S:
i setup a new tor exit server and am seeing this in the log messages:
18:25:01 [WARN] Failing because we have 1352 connections already. Please read doc/TUNING for guidance. [11430 similar message(s) suppressed in last 21600 seconds]
any ideas why?
this is happening on a shared VPS, running ubuntu 16.04 and tor v0.2.8.8. i'm starting to think it's some limitation by the VPS provider.
uname -a shows a old kernel (possibly centos 6):
Linux km14133-25 2.6.32-042stab113.21 #1 SMP Wed Mar 23 11:05:25 MSK 2016 x86_64 x86_64 x86_64 GNU/Linux
This kernel usually indeed runs on a system based on CentOS 6, the kernel version points to a Virutozzo/OpenVZ kernel, possibly the distribution is the "VzLinux" provided by Virtuozzo which is derived from CentOS 6.
i'm starting to scratch my head. maybe i should do some intense debugging on this box..
If your system indeed runs in a Virtuozzo/OpenVZ container, the container itself has limits imposed by the VPS provider that differ from the ones you would expect from a regular Linux system. The relevant parameters are available to you in /proc/user_beancounters. Just look there and especially check if any of them are maxed out or have previous failures. Especially parameters like "tcpsndbuf", "tcprcvbuf" or "numothersock" could be relevant to your use case.
A good point to start understanding these parameters would be the following KB article:
Of course the error message could also be caused by something else but since your VPS seems to be Virtuozzo based, the beancounters would be the first thing I would check.
Helmut
Hi Helmut,
Thank you very much for the helpful reply. Indeed it is OpenVZ which is the limiting factor. I'm limited to 1360 tcp sockets. Here are the entries from /proc/user_beancounters where failcnt > 0 (the last column):
numtcpsock 1277 1360 1360 1360 99386 tcprcvbuf 9230648 11782776 11720320 12703360 687422 lockedpages 3 4096 4096 4096 47122
Long term, i'll provide use a different provider (with KVM). Short term i'm trying out different options to migitate the problem:
ConstrainedSockets 1
Next up, I'm thinking of reducing the TCP timeout value, or similar.
Greetings, David
I'm limited to 1360 tcp sockets.
That's really bad for a Tor node, and I'm not sure you'll be able to work around it effectively. Even my non-exit nodes routinely have 7000 - 8000 established sockets.
tor-relays@lists.torproject.org
-
David S -
Green Dream -
Hoshpak