This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
Jay, > We have raised the max_connections to 1024 and the system has file > descriptor limit of 8192 currently. We are still seeing numerous messages > that are repeating in bunches throughout the log: > > May 12 10:32:11 vm-lnx-mrms-ldmouta rpc.ldmd[23281] NOTE: Denying > connection from [10.60.114.185] because too many clients > May 12 10:32:11 vm-lnx-mrms-ldmouta rpc.ldmd[23281] NOTE: Denying > connection from [10.60.113.232] because too many clients > May 12 10:32:11 vm-lnx-mrms-ldmouta rpc.ldmd[23281] NOTE: Denying > connection from [10.60.114.185] because too many clients > May 12 10:32:11 vm-lnx-mrms-ldmouta rpc.ldmd[23281] NOTE: Denying > connection from [10.60.113.219] because too many clients All in the same second from the same downstream LDM. > There is also another set of connection denials for a different reason that > we see littered in the logs. (Clients who are not in the ldmd.conf > attempting to connect). > > May 12 10:31:00 vm-lnx-mrms-ldmouta rpc.ldmd[1325] NOTE: Denying connection > from "ldm.nohrsc2.noaa.gov" because not allowed > May 12 10:31:12 vm-lnx-mrms-ldmouta rpc.ldmd[1373] NOTE: Denying connection > from "ldm.nohrsc2.noaa.gov" because not allowed > May 12 10:31:13 vm-lnx-mrms-ldmouta rpc.ldmd[1383] NOTE: Denying connection > from "ec2-52-21-11-71.compute-1.amazonaws.com" because not allowed > May 12 10:31:52 vm-lnx-mrms-ldmouta rpc.ldmd[1868] NOTE: Denying connection > from "tornado.geos.ulm.edu" because not allowed > May 12 10:32:12 vm-lnx-mrms-ldmouta rpc.ldmd[2101] NOTE: Denying connection > from "ldm.nohrsc2.noaa.gov" because not allowed Every 30 seconds. This is what I expect from a downstream LDM that's not allowed to connect. > We do not have any firewall restrictions in place for our ldmout host. Our > theory is that these type of unauthorized connection requests are also > using up sockets temporarily and thus causing us to hit the 1024 limits. Is > that a plausible explanation for why we keep seeing connection denials due > to too many clients? That's plausible. Until the limit on the maximum number of clients is reached and as long as the downstream LDM is allowed to connect for any reason, the LDM server will fork an upstream LDM child-process to handle the connection. There could be many such upstream LDM child-processes -- even if they logically terminate immediately. You might try using the ps(1) utility to see the child-processes: ps -ef | fgrep ldmd Pipe the output of this command to wc(1) to determine their number (subtract one for the LDM server). Regards, Steve Emmerson Ticket Details =================== Ticket ID: NVP-211237 Department: Support LDM Priority: Normal Status: Closed =================== NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.