How to reduce the problem of too much TIME_WAIT on Linux servers

2025-04-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)05/31 Report--

This article introduces how to reduce the number of TIME_WAIT connections on a Linux server. The editor walks through the procedure with a practical case; the steps are simple, fast and practical. We hope this article helps you solve the problem of excessive TIME_WAIT on Linux servers.

The meaning of the TIME_WAIT state:

After a client establishes a TCP/IP connection with the server and then closes the socket, the server's port for that connection is in the TIME_WAIT state.

Will all socket that perform an active shutdown enter the time_wait state?

Is there any situation that causes the actively closed socket to enter the closed state directly?

The side that closes actively enters TIME_WAIT after sending the last ACK and stays there for 2MSL (twice the maximum segment lifetime). This is inherent to TCP/IP, which means it cannot be "solved" away.

That is how the designers of TCP/IP intended it.

There are two main reasons.

1. To prevent delayed packets from the previous connection from reappearing and being mistaken for part of a new connection (after 2MSL, all stray duplicates from the old connection have expired).

2. To close the TCP connection reliably.

The last ACK sent by the active closer (acknowledging the peer's FIN) may be lost, in which case the passive side retransmits its FIN. If the active side were already in CLOSED, it would answer with an RST instead of an ACK. That is why the active side must remain in TIME_WAIT rather than go straight to CLOSED.

TIME_WAIT sockets do not consume many resources unless the server is under attack.

You can run the following command on the squid server:

# netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'

LAST_ACK 14
SYN_RECV 348
ESTABLISHED 70
FIN_WAIT1 229
FIN_WAIT2 30
CLOSING 33
TIME_WAIT 18122

State: description

CLOSED: no connection is active or pending
LISTEN: the server is waiting for an incoming call
SYN_RECV: a connection request has arrived; waiting for confirmation
SYN_SENT: the application has started to open a connection
ESTABLISHED: the normal data transfer state
FIN_WAIT1: the application has said it is finished
FIN_WAIT2: the other side has agreed to release
ITMED_WAIT: wait for all packets to die off
CLOSING: both sides tried to close at the same time
TIME_WAIT: the other side has initiated a release
LAST_ACK: wait for all packets to die off

In other words, this command groups the current Linux server's network connections by state and counts each group.

Let's explain why it is written this way:

A simple pipe character connects the netstat and awk commands.

Let's take a look at netstat:

netstat -n

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 123.123.123.123:80      234.234.234.234:12345   TIME_WAIT

When you actually run this command you may get thousands of similar records; here we take just one of them.

Let's take a look at awk:

/^tcp/

Keeps only the records that start with tcp; udp, unix-socket and other irrelevant records are dropped.

state[]

This is, in effect, an array named state (awk creates it on first use).

NF

The number of fields in the record. For the record shown above, NF equals 6.

$NF

The value of the last field. In the record shown above, $NF is $6, the value of the sixth field, TIME_WAIT.

state[$NF]

The value of that array element; for the record shown above, it is the number of connections in state["TIME_WAIT"].

++state[$NF]

Increments that count by one; for the record shown above, the TIME_WAIT count goes up by one.

END

Introduces the commands to run once all input has been read.

for (key in state)

Iterates over the array.

print key, "\t", state[key]

Prints each key and its value, separated by a tab to make the output neater.
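The same counting logic applied to /proc/net/tcp, the kernel table that netstat itself reads, as an added example that is not part of the original article. It decodes the kernel's hex state codes directly, so it also works on hosts without netstat; the sample table is constructed.

```shell
#!/bin/sh
# Count TCP connection states straight from /proc/net/tcp (what netstat reads).
# Example code added here, not from the original article. Field 4 ("st") of
# each row is the connection state as a hex byte (include/net/tcp_states.h).

state_name() {
  case "$1" in
    01) echo ESTABLISHED ;; 02) echo SYN_SENT ;;   03) echo SYN_RECV ;;
    04) echo FIN_WAIT1 ;;   05) echo FIN_WAIT2 ;;  06) echo TIME_WAIT ;;
    07) echo CLOSE ;;       08) echo CLOSE_WAIT ;; 09) echo LAST_ACK ;;
    0A) echo LISTEN ;;      0B) echo CLOSING ;;    *)  echo "UNKNOWN($1)" ;;
  esac
}

# count_states FILE: print "STATE count" per state, most frequent first.
count_states() {
  awk 'NR > 1 { ++s[$4] } END { for (k in s) print k, s[k] }' "$1" |
  while read -r code n; do
    printf '%s %s\n' "$(state_name "$code")" "$n"
  done | sort -k2,2nr
}

# time_wait_count FILE: only the TIME_WAIT total, e.g. for an alert threshold.
time_wait_count() {
  count_states "$1" | awk '$1 == "TIME_WAIT" { n = $2 } END { print n + 0 }'
}

# Constructed sample in /proc/net/tcp layout: one listener on :80, three
# TIME_WAIT rows from one peer, one ESTABLISHED. Addresses are hex ip:port.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 7B7B7B7B:0050 EAEAEAEA:3039 06 00000000:00000000 03:00000A8C 00000000     0        0 0 3 0000000000000000
   2: 7B7B7B7B:0050 EAEAEAEA:303A 06 00000000:00000000 03:00000A8C 00000000     0        0 0 3 0000000000000000
   3: 7B7B7B7B:0050 EAEAEAEA:303B 06 00000000:00000000 03:00000A8C 00000000     0        0 0 3 0000000000000000
   4: 7B7B7B7B:0050 EAEAEAEA:303C 01 00000000:00000000 00:00000000 00000000    33        0 67890 1 0000000000000000 20 4 30 10 -1
EOF

count_states "$SAMPLE"          # on a live host: count_states /proc/net/tcp
```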

If you find a large number of connections in the TIME_WAIT state on the system, you can address it by adjusting kernel parameters.

vim /etc/sysctl.conf

Edit the file and add the following:

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30

Then run /sbin/sysctl -p for the parameters to take effect.

On a highly concurrent squid server under Linux, the number of TCP TIME_WAIT sockets often reaches 20,000 to 30,000, and the server is easily dragged down. Modifying the Linux kernel parameters can reduce the number of TIME_WAIT sockets on the squid server.

vi /etc/sysctl.conf

Add the following lines:

net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000

Description:

net.ipv4.tcp_syncookies = 1 enables SYN cookies: when the SYN queue overflows, cookies are used to handle the backlog, which helps against small-scale SYN attacks. The default is 0 (off).

net.ipv4.tcp_tw_reuse = 1 enables reuse, allowing TIME_WAIT sockets to be reused for new TCP connections. The default is 0 (off).

net.ipv4.tcp_tw_recycle = 1 enables fast recycling of TIME_WAIT sockets. The default is 0 (off).

net.ipv4.tcp_fin_timeout = 30: if a socket is closed at the local side's request, this parameter determines how long it stays in the FIN_WAIT2 state.

net.ipv4.tcp_keepalive_time = 1200: how often TCP sends keepalive probes when keepalive is enabled. The default is 2 hours; here it is changed to 20 minutes.

net.ipv4.ip_local_port_range = 1024 65000: the port range used for outbound connections. The default range is small, 32768 to 61000; here it is changed to 1024 to 65000.

net.ipv4.tcp_max_syn_backlog = 8192: the length of the SYN queue. The default is 1024; raising it to 8192 lets more connections wait to be accepted.

net.ipv4.tcp_max_tw_buckets = 5000: the maximum number of TIME_WAIT sockets the system keeps at once. Beyond this number, TIME_WAIT sockets are cleared immediately and a warning is logged. The default is 180000; here it is changed to 5000. For servers such as apache and nginx, the first few parameters above already reduce the number of TIME_WAIT sockets well, but for squid the effect is limited. This parameter caps the number of TIME_WAIT sockets so that a flood of them cannot drag the squid server down.

Run the following command for the configuration to take effect:

/sbin/sysctl -p
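An added example (not from the original article) that audits a sysctl.conf fragment like the ones above before sysctl -p is run. It relies on two kernel facts the article does not mention: net.ipv4.tcp_tw_recycle was removed in Linux 4.12 and, on older kernels, dropped connections from clients behind NAT because it enforced per-source-address timestamp ordering; and tcp_tw_reuse only takes effect when TCP timestamps are enabled. The sample configuration is constructed from the article's two blocks pasted into one file.

```shell
#!/bin/sh
# Audit a sysctl.conf fragment before applying it with sysctl -p.
# Example code added here, not from the original article. Findings: a key
# set twice (the last definition wins, which hides the earlier one),
# tcp_tw_recycle=1 (removed in Linux 4.12; broke NAT clients before that),
# and tcp_tw_reuse=1 with tcp_timestamps=0 (reuse depends on timestamps).

# audit_sysctl FILE: prints one WARN line per finding; returns 1 if any.
audit_sysctl() {
  awk '
    /^[[:space:]]*(#|;|$)/ { next }                       # comments and blanks
    {
      line = $0
      sub(/^[[:space:]]+/, "", line); sub(/[[:space:]]+$/, "", line)
      eq = index(line, "=")
      if (eq == 0) { printf "WARN line %d has no \"=\": %s\n", NR, line; bad = 1; next }
      key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
      gsub(/[[:space:]]/, "", key); sub(/^[[:space:]]+/, "", val)
      if (seen[key]++) { printf "WARN %s set more than once; last value (%s) wins\n", key, val; bad = 1 }
      v[key] = val
    }
    END {
      if (v["net.ipv4.tcp_tw_recycle"] == "1") {
        print "WARN tcp_tw_recycle=1: removed in Linux 4.12, broke NAT clients on older kernels"; bad = 1 }
      if (v["net.ipv4.tcp_tw_reuse"] == "1" && v["net.ipv4.tcp_timestamps"] == "0") {
        print "WARN tcp_tw_reuse=1 has no effect with tcp_timestamps=0"; bad = 1 }
      exit bad
    }
  ' "$1"
}

# Constructed sample: both blocks from the article pasted into one file.
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
# second block
net.ipv4.tcp_fin_timeout = 30
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_tw_buckets = 5000
EOF

audit_sysctl "$CONF" || echo "fix the findings above before running sysctl -p"
```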

This concludes the introduction to "how to reduce the problem of too much TIME_WAIT on Linux servers". Thank you for reading. If you want to learn more about the industry, you can follow the industry information channel, where the editor posts different knowledge points every day.
