Shulou(Shulou.com)05/31 Report--

Today, I will talk to you about how to solve a large number of TIME_WAIT problems in web, which may not be well understood by many people. in order to make you understand better, the editor has summarized the following contents for you. I hope you can get something according to this article.

Since the launch of a new set of Apache servers, I used the netstat-an command to find that there are a large number of TCP connections with the status of TIME-WAIT in the server, so I checked the kernel parameters of Linux with / sbin/sysctl-a, looked through the relevant materials, and decided to modify two of them in order to reduce the TIME-WAIT sockets in TCP connections.

Vi / etc/sysctl.conf

Edit the / etc/sysctl.conf file and add four lines:

Quote

Net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_fin_timeout = 30

Description:

Net.ipv4.tcp_syncookies = 1 # means SYN Cookies is enabled. When a SYN waiting queue overflow occurs, enable cookies to handle it to prevent a small amount of SYN***, from defaulting to 0, which means that it is turned off.

Net.ipv4.tcp_tw_reuse = 1 # means reuse is turned on. Allow TIME-WAIT sockets to be reused for new TCP connections. Default is 0, which means off.

Net.ipv4.tcp_tw_recycle = 1 # means to enable fast recycling of TIME-WAIT sockets in TCP connections. Default is 0, which means disabled.

Net.ipv4.tcp_fin_timeout = 30 # indicates that if the socket is closed by the local request, this parameter determines how long it remains in the FIN-WAIT-2 state.

Then execute the following command to make the changes take effect immediately:

/ sbin/sysctl-p

Take a look at the TCP status of the server with the following statement:

Netstat-n | awk'/ ^ tcp/ {+ + S [$NF]} END {for (an in S) print a, S [a]}'

The returned result is as follows:

ESTABLISHED 1423

FIN_WAIT1 1

FIN_WAIT2 262

SYN_SENT 1

TIME_WAIT 962

Effect: the sockets in the TIME_WAIT state is reduced from more than 10000 to about 1000. The sockets in the SYN_RECV waiting state is 0, compared with the original value of 50,300.

The meaning of the TIME_WAIT status is attached below:

The port to which the server connects after the client establishes a TCP/IP connection with the server and closes the SOCKET.

Status is TIME_WAIT

Will all socket that perform an active shutdown enter the TIME_WAIT state?

Is there any situation that causes the actively closed socket to enter the CLOSED state directly?

After sending the last ack, the party that shuts down actively

Will enter the TIME_WAIT state and stay in 2MSL (max segment lifetime) time

This is indispensable to TCP/IP, that is, it cannot be "solved".

That's how TCP/IP designers designed it.

There are two main reasons.

one. Prevent packets from the last connection from reappearing after getting lost, affecting the new connection

(after 2MSL, all duplicate packets in the last connection will disappear.)

two. Reliable closing of TCP connection

The last ack (fin) sent by the active shutdown party may be lost, and the passive party will resend it.

Fin, if the active party is in the CLOSED state at this time, it will respond to rst instead of ack. So

The active party should be in the TIME_WAIT state, not CLOSED.

TIME_WAIT doesn't take up a lot of resources. Also, if one party send or recv times out, it will directly enter the CLOSED state.

After reading the above, do you have any further understanding of how to solve a large number of TIME_WAIT problems in web? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.