Overall Performance Slow in GUI. Large number of TIME_WAIT reported via netstat -a | grep TIME_WAIT | wc -l


Overall Performance Slow in GUI. Large number of TIME_WAIT reported via  netstat -a | grep TIME_WAIT | wc -l


Check the 'ndd' settings on this server and reduce the tcp wait time interval.

For Solaris 2.6 or previous use the following command:
/usr/sbin/ndd -get /dev/tcp tcp_close_wait_interval

For Solaris 7 or above use the following command:
/usr/sbin/ndd -get /dev/tcp tcp_time_wait_interval

For HP-UX 11 use the following command:
/usr/bin/ndd -get /dev/tcp tcp_time_wait_interval
(NOTE: The equivalent command on HP-UX 10 is "nettune" instead of "ndd".)

The above commands will display what the current setting, which is typically 240000 milliseconds.   In most cases this can be shortened to about 60 seconds (60000) and may eliminate the problem.

The command to set it to 60000 on Solaris 2.6 and previous versions is:
/usr/sbin/ndd -set /dev/tcp tcp_close_wait_interval 60000

The command to set it to 60000 on Solaris 7 and later versions is:
/usr/sbin/ndd -set /dev/tcp tcp_time_wait_interval 60000
The default is 60000 on Solaris 10
To set it to 10000 and to hold the value after reboot:
touch /etc/rc2.d/S99networktuning
chmod 744 /etc/rc2.d/S99networktuning
ln -s /etc/rc2.d/S99networktuning /etc/init.d/network_ndd
echo "/usr/sbin/ndd -set /dev/tcp tcp_time_wait_interval 10000" > /etc/init.d/network_ndd
/etc/rc2.d/S99networktuning  start
/usr/sbin/ndd -get /dev/tcp tcp_time_wait_interval

The command to set it to 60000 on HP-UX 11 is:
/usr/bin/ndd -set /dev/tcp tcp_time_wait_interval 60000

The "ndd" command makes the change immediately, without a need for a reboot.  However, this setting will go back to default after a reboot.  To ensure the value remains set to what is necessary after a reboot, the command can be added to the appropriate TCP/IP startup script.  On Solaris 7-9, this is /etc/rc2.d/S69inet or on HP-UX 11 see /etc/rc.config.d/nddconf.

Note: Changing this setting will affect all network applications that use TCP/IP.  A value of 60 seconds is considered safe by virtually all vendors.  Lower values may cause retransmitted packets to be received after a port is reused.  This may result in data from one application being presented to a different application, which will likely lead to an application fault and perhaps a breach of data security.  If all hosts that communicate with this host are in the same data center then perhaps a value of 10-30 seconds could be used because there wouldn't be any international or satellite links in the network route.  A value of one second should never be used, instead it would be far better to determine why so many sockets are being created so fast and address the implementation that leads to the condition.


Terms of use for this information are found in Legal Notices.



Did this article answer your question or resolve your issue?


Did this article save you the trouble of contacting technical support?


How can we make this article more helpful?

Email Address (Optional)