Kernel does not respond with a Syn-Ack from a Source Nat (SNAT) Cisco CSM

This one was tough. We could watch the SYN packets come into the server, but there was never a SYN-ACK. Hours of head scratching later, and after comparing working systems, we could only find two differences:

net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 0

We did make a mistake here. We attempted to change the settings in /proc/sys/net/ipv4/tcp_tw_recycle and /proc/sys/net/ipv4/tcp_tw_reuse. This didn’t work because somebody had also changed the settings in /etc/sysctl.conf. After we set those entries to 0 and ran a ‘sysctl -p’ the kernel started responding to all SYN requests from the source-natted CSM!!!! Finally!!!

Unfortunately, I’m not completely sure what these settings do. They have something to do with fast reuse of the TIME-WAIT connections, but beyond that, I don’t have a clue. One of these days I will probably investigate this further. For now, I hope this much information is helpful to somebody.
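
An added example, not from the original post: a POSIX shell check that compares what a sysctl.conf-style file persists with what the running kernel reports, the kind of mismatch between /proc and /etc/sysctl.conf described above. The function names and arguments are assumptions; tcp_tw_recycle was removed in Linux 4.12, so on newer kernels the check reports it as absent.

```shell
#!/bin/sh
# Added example (hypothetical helper names): detect drift between persisted
# sysctl settings and the values the running kernel actually uses.
#
# Usage: check_sysctl_drift /etc/sysctl.conf /proc/sys \
#            net.ipv4.tcp_tw_recycle net.ipv4.tcp_tw_reuse

conf_value() {
    # Print the value assigned to key $2 in file $1.
    # The last uncommented assignment wins, as it does with `sysctl -p`.
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }          # skip comment lines
        {
            eq = index($0, "=")
            if (!eq) next               # not an assignment
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

check_sysctl_drift() {
    # $1 = config file, $2 = sysctl tree root, remaining args = keys.
    # Returns 1 if any key's runtime value differs from the config file.
    conf=$1; root=$2; shift 2
    rc=0
    for key in "$@"; do
        want=$(conf_value "$conf" "$key")
        path="$root/$(printf '%s' "$key" | tr . /)"
        # A missing file means this kernel does not have the tunable.
        if [ -r "$path" ]; then have=$(cat "$path"); else have="absent"; fi
        if [ -z "$want" ]; then
            echo "$key: runtime=$have, not set in $conf"
        elif [ "$want" = "$have" ]; then
            echo "$key: runtime=$have, matches $conf"
        else
            echo "$key: runtime=$have, but $conf sets $want"
            rc=1
        fi
    done
    return $rc
}
```

A non-zero return means the next `sysctl -p` or reboot will replace the runtime value with the one in the file.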

How can I enable more than 1 process for my kernel compile?

Lifted from smp-faq:

# make [modules|zImage|bzImages] MAKE="make -jX"

Where X=max number of processes. WARNING: This won’t work for “make dep”.

Since running multiple compilers allows a machine with sufficient memory to use the otherwise wasted CPU time during I/O-caused delays, make MAKE="make -j 2" -j 2 actually even helps on uniprocessor boxes (from Ralf Bächle).