
We have deployed a Network Load Balancer that targets an nginx web server using PHP-FPM.

We are receiving various reset counts, shown in the image below. Could anyone help us understand these counts?

[Image: CloudWatch metrics]

John Rotenstein
Hitesh

1 Answer


These are TCP RST packet counts. For a TCP connection to remain alive, either party should exchange some data before the idle timeout. On a UNIX OS (server/target), the idle timeout is governed by either the tcp_keepalive_time or the tcp_keepidle parameter. On the client it depends upon how it's implemented, or it may use the same parameters if it's also a UNIX OS. If either of the parties fails to send any data, the connection is closed, after which if a client or a server sends anything they'll receive a TCP packet with the RST bit set and they'll know that the connection is no longer valid.

  • Client Reset Count: The total number of reset (RST) packets sent from a client to a target

  • Target Reset Count: The total number of reset (RST) packets sent from a target to a client

  • Load balancer Reset Count: The total number of reset (RST) packets generated by the load balancer. It usually happens in cases where any target has started to fail or is being marked unhealthy or for a connection request to a target which is already marked unhealthy.

Rahul Sharma
  • What should be the ideal values for all three of these? – Hitesh Oct 10 '22 at 17:34
  • That totally depends upon your traffic. Looking at your current `New Flow Count TLS`, I'd say it looks okay, assuming the target closed the connection only after serving the request (which you can check yourself). – Rahul Sharma Oct 10 '22 at 17:38
  • I already reduced tcp_keepalive_time to 60, but I am still getting client and load balancer reset counts. What should I look into to bring both of them to zero? – Hitesh Oct 11 '22 at 01:22
  • You can't do much about the client. For example, the client sent an RST because maybe someone closed the tab in their browser and the connection is not valid. The same goes for the load balancer reset count; however, you can look at one place to reduce it, i.e. why your targets go unhealthy, if they do at all. – Rahul Sharma Oct 11 '22 at 05:16
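
As an added example (not part of the original answer or comments), here is one way to act on the advice in the thread: judge reset counts relative to traffic and check whether load balancer resets line up with unhealthy targets. The metric names are the CloudWatch `AWS/NetworkELB` names; the datapoints, the `elb_threshold` cut-off and the function names are constructed for illustration.

```python
# Added example. Datapoints are constructed, not real CloudWatch output.
# Metric names are those of the AWS/NetworkELB CloudWatch namespace.
RESET_METRICS = (
    "TCP_Client_Reset_Count",  # RSTs sent from a client to a target
    "TCP_Target_Reset_Count",  # RSTs sent from a target to a client
    "TCP_ELB_Reset_Count",     # RSTs generated by the load balancer
)
FIELDS = ("ts", "NewFlowCount_TLS") + RESET_METRICS + ("UnHealthyHostCount",)

# One row per 1-minute period: Sum for the counters, Maximum for UnHealthyHostCount.
SAMPLE_PERIODS = [dict(zip(FIELDS, row)) for row in [
    ("12:00", 1200, 90, 30, 2, 0),   # normal traffic
    ("12:01", 1000, 80, 25, 40, 1),  # a target is failing health checks
    ("12:02", 0, 0, 0, 0, 0),        # no new flows at all
    ("12:03", 800, 60, 20, 24, 0),   # LB resets with all targets healthy
]]


def reset_ratios(period):
    """Resets per 100 new flows, so periods with different traffic compare."""
    flows = period.get("NewFlowCount_TLS", 0)
    if flows == 0:
        return {m: None for m in RESET_METRICS}  # ratio undefined without traffic
    return {m: round(100.0 * period.get(m, 0) / flows, 2) for m in RESET_METRICS}


def triage(periods, elb_threshold=1.0):
    """Flag periods whose load balancer reset ratio reaches elb_threshold.

    elb_threshold (resets per 100 new flows) is an assumed cut-off; tune it
    against your own baseline. Client and target resets are reported but not
    flagged, since they depend on traffic and client behaviour.
    """
    findings = []
    for p in periods:
        elb = reset_ratios(p)["TCP_ELB_Reset_Count"]
        if elb is None or elb < elb_threshold:
            continue
        cause = "unhealthy-target" if p.get("UnHealthyHostCount", 0) > 0 else "unexplained"
        findings.append((p["ts"], elb, cause))
    return findings


if __name__ == "__main__":
    for p in SAMPLE_PERIODS:
        print(p["ts"], reset_ratios(p))
    print(triage(SAMPLE_PERIODS))
```

Periods flagged `unexplained` are the ones worth correlating with target-side logs, since the load balancer reset there did not coincide with an unhealthy target.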