What does `SYNs to LISTEN sockets dropped` from `netstat -s` mean

Nginx accepts connections very quickly, but in extremely high-traffic situations, a connection backlog can still happen at the system level (which is a distinct bottleneck from the application-level connection handling) When this occurs, new connections will be refused.

"SYNs to LISTEN sockets dropped" is a symptom that your Nginx drops the packets. My advice is to first monitor the Nginx active connections using ngx_http_stub_status_module[1]. Then identify current system wide open file descriptors and adjust kernel parameters accordingly.

The connection queue size can be increased by modifying the somaxconn and tcp_max_syn_backlog kernel variables. Please refer these valuable resources[2][3] for more information.

  • [1] https://nginx.org/en/docs/http/ngx_http_stub_status_module.html
  • [2] http://engineering.chartbeat.com/2014/01/02/part-1-lessons-learned-tuning-tcp-and-nginx-in-ec2/
  • [3] https://www.scalyr.com/community/guides/how-to-monitor-nginx-the-essential-guide

Tags:

Netstat