I'm running webserver on centos5.4 with new 220.127.116.11 kernel. My problem is a lot of apache processes with "..reading.." request (10-15% requests are in ..reading.. status). I think, that problem are TCP connections in SYN_RECV status:
netstat -na | wc -l : 19000
netstat -na | grep SYN_RECV | wc -l : 180
There is always around 0,5-1% connections in SYN_RECV and I'm sure, that it's not DoS/DDoS attack! Could it be problem of new kernel? Or network problem?
Server is very fast and apache handle almost all request very fast but sometime it takes around 10s to handle request (process in ..reading.. state), it's clearly random, not only one IP or group of IPs. Could it problem of any limit in linux?
Server: i7 920, 24GB RAM, 100mbps
Sorry for my bad english...