How to reduce the problem of Linux server TIME_WAIT

  • 2020-05-09 19:42:13
  • OfStack

The meaning of the TIME_WAIT state:
After a client establishes a TCP connection with the server and the connection is closed, the server's socket for that connection sits in the TIME_WAIT state.
Does every socket that performs an active close enter TIME_WAIT?
Can an actively closed socket ever go straight to CLOSED?
No: after sending the last ACK, the actively closing side enters TIME_WAIT and stays there for 2MSL (twice the maximum segment lifetime). This is part of TCP itself and cannot be "solved" away.
That is how TCP/IP works, and that is how its designers intended it.

There are two main reasons:
1. To prevent delayed packets from the previous connection from reappearing and corrupting a new connection that reuses the same addresses and ports (after 2MSL, every duplicate packet from the old connection has expired)
2. To close the TCP connection reliably
The final ACK (acknowledging the peer's FIN) sent by the actively closing side may be lost. The passive side will then retransmit its FIN, and if the active side were already in CLOSED it would answer with an RST instead of an ACK. So the active side has to wait in TIME_WAIT rather than go straight to CLOSED.
TIME_WAIT does not consume many resources unless the server is under attack.
Run the following command on the Squid server:
# netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
LAST_ACK 14
SYN_RECV 348
ESTABLISHED 70
FIN_WAIT1 229
FIN_WAIT2 30
CLOSING 33
TIME_WAIT 18122
State: description
CLOSED: no connection is active or pending
LISTEN: the server is waiting for an incoming call
SYN_RECV: a connection request has arrived, waiting for confirmation
SYN_SENT: the application has started to open a connection
ESTABLISHED: normal data transfer state
FIN_WAIT1: the application says it has finished
FIN_WAIT2: the other side has agreed to release
TIME_WAIT: wait for all segments to die off
CLOSING: both sides tried to close at the same time
CLOSE_WAIT: the other side has initiated a release
LAST_ACK: wait for all segments to die off
In other words, this command summarizes the network connection states of the current Linux server.
Here is how it works:
A simple pipe character connects the netstat and awk commands.
Let's start with netstat:
netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 123.123.123.123:80 234.234.234.234:12345 TIME_WAIT
When you actually run this command you will probably get thousands of records like the one above; here we take just one of them.
Take a look at awk:
/^tcp/
Keep only records that begin with tcp (this also matches tcp6) and discard irrelevant records such as udp and unix sockets.
state[]
An associative array named state (the command above calls it S; the name is arbitrary). awk creates it on first use, so no declaration is needed.
NF
The number of fields in the current record; for the record above, NF is 6.
$NF
The value of the last field. For the record above, $NF is $6, the sixth field, whose value is TIME_WAIT.
state[$NF]
The array element keyed by the state; for the record above, state["TIME_WAIT"] holds the number of connections seen in the TIME_WAIT state.
++state[$NF]
Increment that element by one; for the record above, this adds 1 to the TIME_WAIT count.
END
Introduces the action that runs once, after all input records have been read.
for (key in state)
Loop over every key in the array.
print key, "\t", state[key]
Print each key and its count with a TAB between them so the output lines up (the command above uses the shorter print a, S[a], which separates them with a space).
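The tally described above, packaged as a shell function and run on a constructed netstat snippet so it works offline. This is an added example, not code from the original article; the ss variant and the sample data are assumptions for illustration.

```shell
# Added example (not from the original article): the netstat | awk tally above,
# wrapped in a function and run on constructed input. Output is STATE<TAB>count,
# sorted by count, largest first.
count_tcp_states() {
  # Reads `netstat -n` output on stdin. /^tcp/ also matches tcp6 lines; udp and
  # unix sockets are dropped. $NF is the last field, which holds the state.
  awk '/^tcp/ { ++state[$NF] } END { for (key in state) print key "\t" state[key] }' \
    | sort -k2,2nr
}

# Same idea for `ss -tan`, whose State column comes first; NR > 1 skips the header.
count_ss_states() {
  awk 'NR > 1 { ++state[$1] } END { for (key in state) print key "\t" state[key] }' \
    | sort -k2,2nr
}

# Constructed sample standing in for `netstat -n` on a busy server (not real data).
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 123.123.123.123:80      234.234.234.234:12345   TIME_WAIT
tcp        0      0 123.123.123.123:80      234.234.234.234:12346   TIME_WAIT
tcp        0      0 123.123.123.123:80      234.234.234.234:12347   ESTABLISHED
tcp6       0      0 ::1:3128                ::1:40000               TIME_WAIT
udp        0      0 0.0.0.0:123             0.0.0.0:*'

# Constructed sample standing in for `ss -tan` (ss spells the state TIME-WAIT).
SAMPLE_SS='State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
TIME-WAIT  0      0      123.123.123.123:80   234.234.234.234:12345
TIME-WAIT  0      0      123.123.123.123:80   234.234.234.234:12346
ESTAB      0      0      123.123.123.123:80   234.234.234.234:12347'

# Number of TIME_WAIT connections in the netstat sample (expected: 3, tcp6 included).
time_wait_count() {
  printf '%s\n' "$SAMPLE_NETSTAT" | count_tcp_states | awk '$1 == "TIME_WAIT" { print $2 }'
}

# Number of TIME-WAIT connections in the ss sample (expected: 2).
ss_time_wait_count() {
  printf '%s\n' "$SAMPLE_SS" | count_ss_states | awk '$1 == "TIME-WAIT" { print $2 }'
}

# Stand-alone run: print the per-state table for the netstat sample.
printf '%s\n' "$SAMPLE_NETSTAT" | count_tcp_states
```

On a live host, replace the printf with `netstat -n | count_tcp_states` or `ss -tan | count_ss_states`. Note that the `/^tcp/` filter counts IPv6 sockets too, which the original one-liner does as well.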
If the system is found to have a large number of connections in the TIME_WAIT state, it can be addressed by adjusting kernel parameters.
vim /etc/sysctl.conf
Edit the file and add the following:
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
Then run /sbin/sysctl -p for the parameters to take effect.
On a high-concurrency Linux Squid server, TCP TIME_WAIT sockets often reach twenty to thirty thousand, which can easily bring the server to its knees. By modifying Linux kernel parameters, you can reduce the number of TIME_WAIT sockets on the Squid server.
vi /etc/sysctl.conf
Add the following lines:
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
Description:
net.ipv4.tcp_syncookies = 1 enables SYN cookies. When the SYN queue overflows, cookies are used to process the requests, which defends against small-scale SYN flood attacks. The default is 0 (disabled).
net.ipv4.tcp_tw_reuse = 1 enables reuse: TIME-WAIT sockets may be reused for new outgoing TCP connections (it does nothing for inbound connections).
net.ipv4.tcp_tw_recycle = 1 enables fast recycling of TIME-WAIT sockets. Caveat: this option was removed in Linux 4.12, and on kernels that still have it, it rejects connections from clients behind a NAT whose TCP timestamps are not monotonic, so it is unsafe on servers that serve NATed clients.
net.ipv4.tcp_fin_timeout = 30 sets how long a socket closed by this host stays in the FIN-WAIT-2 state (it does not shorten TIME_WAIT itself).
net.ipv4.tcp_keepalive_time = 1200 sets the interval at which keepalive probes are sent when keepalive is enabled. The default is 2 hours; here it is 20 minutes.
net.ipv4.ip_local_port_range = 1024 65000 sets the port range used for outgoing connections. The default is small, 32768 to 61000; here it is widened to 1024 to 65000.
net.ipv4.tcp_max_syn_backlog = 8192 sets the length of the SYN queue. The default is 1024; 8192 accommodates more connections waiting to be established.
net.ipv4.tcp_max_tw_buckets = 5000 caps the number of TIME_WAIT sockets the system keeps at once. Beyond this number, TIME_WAIT sockets are destroyed immediately and a warning is logged. The default is 180,000; here it is lowered to 5000. For servers such as Apache and Nginx, the parameters on the last few lines are a good way to reduce the number of TIME_WAIT sockets, but for Squid the effect is small. This parameter controls the maximum number of TIME_WAIT sockets and keeps the Squid server from being brought down by a flood of them.
Execute the following command to enable the configuration:
/sbin/sysctl -p
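As an added example that is not part of the original article: a small shell audit of a sysctl.conf fragment containing the settings above. It flags the tcp_tw_recycle caveat, shows how large the ephemeral port range is, and reports the tcp_max_tw_buckets cap. The helper names (conf_value, audit_tw_sysctl), the temporary sample file and its contents are assumptions for this example.

```shell
# Added example (not from the original article): audit a sysctl.conf fragment for
# the TIME_WAIT-related settings discussed above. Helper names and the sample file
# are assumptions made for this example.

# conf_value FILE KEY: print the last value assigned to KEY in FILE (empty if unset).
conf_value() {
  awk -v key="$2" -F '=' '
    /^[ \t]*#/ { next }                     # skip comment lines
    NF >= 2 {
      k = $1; sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k)
      if (k == key) { v = $2; sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v) }
    }
    END { print v }' "$1"
}

# audit_tw_sysctl FILE: print one finding per line (WARN or INFO); always returns 0.
audit_tw_sysctl() {
  f=$1
  if [ "$(conf_value "$f" net.ipv4.tcp_tw_recycle)" = "1" ]; then
    echo "WARN net.ipv4.tcp_tw_recycle=1: removed in Linux 4.12; on older kernels it drops SYNs from NATed clients whose timestamps go backwards"
  fi
  if [ "$(conf_value "$f" net.ipv4.tcp_tw_reuse)" = "1" ]; then
    echo "INFO net.ipv4.tcp_tw_reuse=1: only helps outgoing connections this host opens, not inbound ones"
  fi
  v=$(conf_value "$f" net.ipv4.tcp_fin_timeout)
  [ -n "$v" ] && echo "INFO net.ipv4.tcp_fin_timeout=$v: limits FIN_WAIT_2 for orphaned sockets; TIME_WAIT itself still lasts 2MSL"
  range=$(conf_value "$f" net.ipv4.ip_local_port_range)
  if [ -n "$range" ]; then
    lo=${range%% *}; hi=${range##* }       # value has the form "LOW HIGH"
    echo "INFO ephemeral range $lo-$hi: $((hi - lo + 1)) ports, the ceiling on concurrent outgoing connections to one destination"
  fi
  v=$(conf_value "$f" net.ipv4.tcp_max_tw_buckets)
  [ -n "$v" ] && echo "INFO net.ipv4.tcp_max_tw_buckets=$v: TIME_WAIT sockets beyond this are destroyed early and lose the 2MSL protection against stray segments"
  return 0
}

# Constructed sample file holding the settings from the article (not a real host's config).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample: the settings listed in the article
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
EOF

# Stand-alone run: audit the sample.
audit_tw_sysctl "$SAMPLE_CONF"
```

On a real host, run `audit_tw_sysctl /etc/sysctl.conf`. The function only reads the file; the values the running kernel actually uses come from `sysctl -a`, which is the place to confirm that `sysctl -p` applied them.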