[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[LDM #NVP-211237]: LDM help: "NOTE: Denying connection from [*********] because too many clients."

This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.

  • Subject: [LDM #NVP-211237]: LDM help: "NOTE: Denying connection from [*********] because too many clients."
  • Date: Fri, 12 May 2017 09:41:56 -0600
Jay,

> We have raised the max_connections to 1024 and the system has file
> descriptor limit of 8192 currently. We are still seeing numerous messages
> that are repeating in bunches throughout the log:
> 
> May 12 10:32:11 vm-lnx-mrms-ldmouta rpc.ldmd[23281] NOTE: Denying
> connection from [10.60.114.185] because too many clients
> May 12 10:32:11 vm-lnx-mrms-ldmouta rpc.ldmd[23281] NOTE: Denying
> connection from [10.60.113.232] because too many clients
> May 12 10:32:11 vm-lnx-mrms-ldmouta rpc.ldmd[23281] NOTE: Denying
> connection from [10.60.114.185] because too many clients
> May 12 10:32:11 vm-lnx-mrms-ldmouta rpc.ldmd[23281] NOTE: Denying
> connection from [10.60.113.219] because too many clients

All in the same second from the same downstream LDM.

> There is also another set of connection denials for a different reason that
> we see littered in the logs. (Clients who are not in the ldmd.conf
> attempting to connect).
> 
> May 12 10:31:00 vm-lnx-mrms-ldmouta rpc.ldmd[1325] NOTE: Denying connection
> from "ldm.nohrsc2.noaa.gov" because not allowed
> May 12 10:31:12 vm-lnx-mrms-ldmouta rpc.ldmd[1373] NOTE: Denying connection
> from "ldm.nohrsc2.noaa.gov" because not allowed
> May 12 10:31:13 vm-lnx-mrms-ldmouta rpc.ldmd[1383] NOTE: Denying connection
> from "ec2-52-21-11-71.compute-1.amazonaws.com" because not allowed
> May 12 10:31:52 vm-lnx-mrms-ldmouta rpc.ldmd[1868] NOTE: Denying connection
> from "tornado.geos.ulm.edu" because not allowed
> May 12 10:32:12 vm-lnx-mrms-ldmouta rpc.ldmd[2101] NOTE: Denying connection
> from "ldm.nohrsc2.noaa.gov" because not allowed

Every 30 seconds. This is what I expect from a downstream LDM that's not
allowed to connect.

> We do not have any firewall restrictions in place for our ldmout host. Our
> theory is that these type of unauthorized connection requests are also
> using up sockets temporarily and thus causing us to hit the 1024 limits. Is
> that a plausible explanation for why we keep seeing connection denials due
> to too many clients?

That's plausible. Until the limit on the maximum number of clients is
reached and as long as the downstream LDM is allowed to connect for any
reason, the LDM server will fork an upstream LDM child-process to handle the
connection. There could be many such upstream LDM child-processes -- even if
they logically terminate immediately.

You might try using the ps(1) utility to see the child-processes:

    ps -ef | fgrep ldmd

Pipe the output of this command to wc(1) to determine their number
(subtract one for the LDM server).

Regards,
Steve Emmerson

Ticket Details
===================
Ticket ID: NVP-211237
Department: Support LDM
Priority: Normal
Status: Closed
===================
NOTE: All email exchanges with Unidata User Support are recorded in the Unidata 
inquiry tracking system and then made publicly available through the web.  If 
you do not want to have your interactions made available in this way, you must 
let us know in each email you send to us.