Solution to a large number of TIME_WAIT sockets on Linux

  • 2020-05-06 12:10:55
  • OfStack

Problem description:
On a high-concurrency Squid server running Linux, the number of TCP sockets in TIME_WAIT often reaches 20,000 to 30,000, and the server is easily dragged down.
Solution:
Reduce the number of TIME_WAIT sockets on the Linux server by modifying the kernel parameters.
vi /etc/sysctl.conf
Add the following lines:

net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024    65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000

Description:
net.ipv4.tcp_syncookies = 1 turns on SYN cookies: when the SYN queue overflows, cookies are used to handle new connection requests, which defends against small-scale SYN floods. The default value is 0 (off).
net.ipv4.tcp_tw_reuse = 1 enables reuse: TIME-WAIT sockets may be reused for new TCP connections. The default is 0 (off).
net.ipv4.tcp_tw_recycle = 1 enables fast recycling of TIME-WAIT sockets in TCP connections. The default is 0 (off).
net.ipv4.tcp_fin_timeout = 30: if a socket is closed at the request of this end, this parameter determines how long it stays in the FIN-WAIT-2 state.
net.ipv4.tcp_keepalive_time = 1200 sets how often TCP sends keepalive messages when keepalive is enabled. The default is 2 hours; this changes it to 20 minutes.
net.ipv4.ip_local_port_range = 1024    65000 sets the port range used for outgoing connections. The default range is small, 32768 to 61000; this changes it to 1024 to 65000.
net.ipv4.tcp_max_syn_backlog = 8192 sets the length of the SYN queue; the default is 1024.
net.ipv4.tcp_max_tw_buckets = 5000 sets the maximum number of TIME_WAIT sockets the system keeps at the same time. If this number is exceeded, TIME_WAIT sockets are destroyed immediately and a warning message is printed. The default is 180000; this changes it to 5000. For servers such as Apache and Nginx, the parameters in the preceding lines already reduce the number of TIME_WAIT sockets well, but they do little for Squid. This parameter caps the number of TIME_WAIT sockets and prevents a Squid server from being dragged down by a large number of them.
Run the following command to apply the configuration:
/sbin/sysctl -p
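Before applying the fragment above it helps to measure the TIME_WAIT pressure you actually have and to confirm that the running kernel still exposes every key you are about to set. The following script is an added example, not part of the original article: it counts TIME-WAIT sockets from `ss -tan` output, expresses that count as a percentage of the tcp_max_tw_buckets cap, and checks a sysctl.conf fragment key by key. It assumes a POSIX sh with awk, grep and tr, and iproute2's `ss` on the live host; the `ss` capture embedded below is constructed so the script also runs offline. The key check reports "unsupported" for any key without a /proc/sys entry, which on Linux 4.12 and later includes net.ipv4.tcp_tw_recycle, since that knob was removed from the kernel (its per-host timestamp check dropped connections from clients behind NAT).

```shell
#!/bin/sh
# Added example, not code from the original article. Assumes POSIX sh with
# awk/grep/tr, and iproute2's `ss` on a live host; the sample `ss` output
# below is constructed so everything here runs offline.

# The keys set by the article's sysctl.conf fragment.
ARTICLE_KEYS="net.ipv4.tcp_fin_timeout net.ipv4.tcp_keepalive_time
net.ipv4.tcp_syncookies net.ipv4.tcp_tw_reuse net.ipv4.tcp_tw_recycle
net.ipv4.ip_local_port_range net.ipv4.tcp_max_syn_backlog
net.ipv4.tcp_max_tw_buckets"

# Count sockets per TCP state from `ss -tan`-style output on stdin
# (first line is the header).  Usage: ss -tan | tcp_state_counts
tcp_state_counts() {
    awk 'NR > 1 { n[$1]++ } END { for (s in n) print s, n[s] }' | sort
}

# Print only the TIME-WAIT count from `ss -tan` output on stdin (0 if none).
time_wait_count() {
    awk 'NR > 1 && $1 == "TIME-WAIT" { c++ } END { print c + 0 }'
}

# Percentage of the TIME_WAIT cap in use: $1 = TIME-WAIT count,
# $2 = net.ipv4.tcp_max_tw_buckets.  Above 100 the kernel is already
# destroying TIME_WAIT sockets early and printing the warning the article
# mentions.
tw_bucket_usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# Check a sysctl.conf fragment ($1) for each article key and print
# "<key> ok|missing|unsupported".  "unsupported" means this kernel has no
# /proc/sys entry for the key (net.ipv4.tcp_tw_recycle on Linux >= 4.12).
# $2 optionally overrides the /proc/sys root, e.g. for testing.
check_sysctl_fragment() {
    frag=$1; sysroot=${2:-/proc/sys}
    for key in $ARTICLE_KEYS; do
        entry="$sysroot/$(printf '%s' "$key" | tr . /)"
        if ! grep -q "^[[:space:]]*$key[[:space:]]*=" "$frag" 2>/dev/null; then
            echo "$key missing"
        elif [ ! -e "$entry" ]; then
            echo "$key unsupported"
        else
            echo "$key ok"
        fi
    done
}

# Constructed `ss -tan` capture for a Squid listener on port 3128 (not from a
# real host).  On a live system use:  ss -tan | time_wait_count
SAMPLE_SS='State     Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN    0      128    0.0.0.0:3128       0.0.0.0:*
TIME-WAIT 0      0      10.0.0.5:3128      10.0.0.77:51234
TIME-WAIT 0      0      10.0.0.5:3128      10.0.0.78:51235
ESTAB     0      0      10.0.0.5:3128      10.0.0.79:51236'

tw=$(printf '%s\n' "$SAMPLE_SS" | time_wait_count)
echo "TIME-WAIT sockets in sample: $tw ($(tw_bucket_usage_pct "$tw" 5000)% of 5000 buckets)"
printf '%s\n' "$SAMPLE_SS" | tcp_state_counts

# Write the article's fragment to a scratch file and check it against the
# running kernel.
scratch=${TMPDIR:-/tmp}/tw_check.$$
cat > "$scratch" <<'EOF'
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024    65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
EOF
check_sysctl_fragment "$scratch"
rm -f "$scratch"
```

Run it once before and once after `/sbin/sysctl -p`: the state counts show whether TIME_WAIT is really what is exhausting the box, and a line reading `net.ipv4.tcp_tw_recycle unsupported` tells you to drop that key rather than leave `sysctl -p` failing on it. Note that net.ipv4.tcp_tw_reuse only applies to connections this host initiates, which is the side that matters for a proxy like Squid opening many upstream connections.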
