I'm running webserver on centos5.4 with new 220.127.116.11 kernel. My problem is a lot of apache processes with "..reading.." request (10-15% requests are in ..reading.. status). I think, that problem are TCP connections in SYN_RECV status:
netstat -na | wc -l : 19000
netstat -na | grep SYN_RECV | wc -l : 180
There is always around 0,5-1% connections in SYN_RECV and I'm sure, that it's not DoS/DDoS attack! Could it be problem of new kernel? Or network problem?
Server is very fast and apache handle almost all request very fast but sometime it takes around 10s to handle request (process in ..reading.. state), it's clearly random, not only one IP or group of IPs. Could it problem of any limit in linux?
Server: i7 920, 24GB RAM, 100mbps
I recommend installing CSF Firewall (http://configserver.com/cp/csf.html) and enabling connection tracking. This might work as a stopgap for when you're not in front of a terminal.
I have CSF already installed, but I have not a problem with unwanted connections, server is not under attack. I'd like to speed up connections, which are in SYN_RECV state. These connections are in this state for a long time (avg 10s) and it is slowing down some request on the web server. Or maybe the problem is doing apache (v2.2.15), I don't know