Details of a method for dealing with a large number of TIME_WAIT sockets on Linux

  • 2020-05-09 19:42:16
  • OfStack

Problem description:
On a Linux system running a highly concurrent Squid server, the number of TCP sockets in the TIME_WAIT state often reaches twenty to thirty thousand, and the server can easily be brought down by them.
Solution:
By modifying Linux kernel parameters, you can reduce the number of TIME_WAIT sockets on the Linux server.
vi /etc/sysctl.conf
Add the following lines:

net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024    65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000

Description:
net.ipv4.tcp_syncookies = 1 enables SYN cookies: when the SYN queue overflows, cookies are used to handle the new connection requests, which can defend against small-scale SYN attacks. The default is 0, meaning disabled.
net.ipv4.tcp_tw_reuse = 1 enables reuse: TIME-WAIT sockets may be reused for new TCP connections. The default is 0, meaning disabled.
net.ipv4.tcp_tw_recycle = 1 enables fast recycling of TIME-WAIT sockets in TCP connections. The default is 0, meaning disabled.
net.ipv4.tcp_fin_timeout = 30 determines how long a socket that was closed from this end stays in the FIN-WAIT-2 state.
net.ipv4.tcp_keepalive_time = 1200 sets the interval at which TCP sends keepalive messages when keepalive is enabled. The default is 2 hours; here it is changed to 20 minutes.
net.ipv4.ip_local_port_range = 1024 65000 sets the port range used for outgoing connections. The default range is small, 32768 to 61000; here it is changed to 1024 to 65000.
net.ipv4.tcp_max_syn_backlog = 8192 sets the length of the SYN queue, which is 1024 by default. The longer queue, 8192, can hold more connections that are waiting to complete the handshake.
net.ipv4.tcp_max_tw_buckets = 5000 sets the maximum number of TIME_WAIT sockets the system keeps at the same time. If this number is exceeded, the excess TIME_WAIT sockets are cleared immediately and a warning message is printed. The default is 180,000; here it is set to 5000. For servers such as Apache and Nginx, the preceding parameters are a good way to reduce the number of TIME_WAIT sockets, but for Squid their effect is limited. This parameter caps the number of TIME_WAIT sockets and prevents the Squid server from being overwhelmed by them.
Execute the following command to enable the configuration:
/sbin/sysctl -p
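Before applying a fragment like the one above with sysctl -p, it helps to measure how many sockets are actually in TIME_WAIT and to check the fragment for keys that are no longer safe or no longer exist. The script below is an added example, not code from the article: it counts socket states from ss -tan style output, compares the TIME_WAIT count with the tcp_max_tw_buckets limit, and flags net.ipv4.tcp_tw_recycle, which broke clients behind NAT and was removed from the kernel in Linux 4.12, so sysctl -p on a current kernel reports an error for that line. The ss output and the sysctl fragment embedded here are constructed sample data, and the column layout assumed is that of ss -tan (state in the first column).

```shell
#!/bin/sh
# Added example (not from the original article): inspect TIME_WAIT load and
# sanity-check a sysctl fragment before running `/sbin/sysctl -p`.
# Assumes `ss -tan` style input (state in column 1) and a sysctl.conf-style
# "key = value" file read from stdin. Sample data below is constructed.

# Count TCP sockets per state from `ss -tan` output read on stdin.
count_states() {
    awk 'NR > 1 && NF > 0 { c[$1]++ } END { for (s in c) print s, c[s] }' | sort
}

# Print the number of TIME-WAIT sockets in `ss -tan` output read on stdin.
time_wait_count() {
    awk 'NR > 1 && $1 == "TIME-WAIT" { n++ } END { print n + 0 }'
}

# Exit 0 when the TIME_WAIT count is within tcp_max_tw_buckets, 1 when the
# kernel would already be dropping TIME_WAIT sockets early and logging a warning.
tw_within_limit() {
    count=$1
    limit=$2
    [ "$count" -le "$limit" ]
}

# Lint a sysctl fragment on stdin: warn about net.ipv4.tcp_tw_recycle (unsafe
# behind NAT, removed in Linux 4.12) and confirm the reuse key. Exit 1 if any
# line was flagged, so a deployment script can stop before `sysctl -p`.
lint_sysctl() {
    awk -F'=' '
        /^[[:space:]]*(#|$)/ { next }                      # skip comments and blanks
        { key = $1; gsub(/[[:space:]]/, "", key) }          # normalise the key name
        key == "net.ipv4.tcp_tw_recycle" {
            print "WARN " key ": removed in Linux 4.12, unsafe for clients behind NAT"
            warn++
        }
        key == "net.ipv4.tcp_tw_reuse" {
            print "OK   " key ": only affects outgoing connections"
        }
        END { exit (warn > 0) }
    '
}

# Constructed sample in the `ss -tan` format (a Squid listener on port 3128).
SAMPLE_SS='State     Recv-Q Send-Q Local Address:Port    Peer Address:Port
ESTAB     0      0      10.0.0.5:3128         10.0.0.20:51234
TIME-WAIT 0      0      10.0.0.5:3128         10.0.0.21:51235
TIME-WAIT 0      0      10.0.0.5:3128         10.0.0.22:51236
TIME-WAIT 0      0      10.0.0.5:41000        203.0.113.9:80
SYN-RECV  0      0      10.0.0.5:3128         10.0.0.23:51237'

# Constructed sysctl fragment mirroring the keys discussed in the article.
SAMPLE_CONF='# constructed sysctl fragment
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_tw_buckets = 5000'

printf '%s\n' "$SAMPLE_SS" | count_states
tw=$(printf '%s\n' "$SAMPLE_SS" | time_wait_count)
if tw_within_limit "$tw" 5000; then
    echo "TIME_WAIT=$tw is within tcp_max_tw_buckets=5000"
else
    echo "TIME_WAIT=$tw exceeds tcp_max_tw_buckets=5000; the kernel is dropping early"
fi
printf '%s\n' "$SAMPLE_CONF" | lint_sysctl \
    || echo "fix the flagged lines before running /sbin/sysctl -p"
```

On a live host, replace the samples with `ss -tan | time_wait_count` and `lint_sysctl < /etc/sysctl.conf`; a count that keeps hovering at the tcp_max_tw_buckets value means the cap is doing the work rather than the tuning above it.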
