Linux Troubleshooting: Dealing with Too Many TIME_WAIT Connections on Linux

October 5, 2010 by
Filed under: Uncategorized

If you check Apache's connection table regularly, you will find a lot of apparently useless TIME_WAIT connections. Some people say this is normal and caused by requests that were cut off midway; others say connections from Microsoft IE leave more TIME_WAIT behind than connections from Firefox. Neither explanation is quite right: TIME_WAIT is the normal final state of whichever side closes a TCP connection first, held for 60 seconds so that late segments from the old connection cannot be mistaken for part of a new connection on the same (source IP, source port, destination IP, destination port) tuple. A web server that actively closes keep-alive connections therefore accumulates one TIME_WAIT entry per closed connection. My view is that some TIME_WAIT is normal, but when it becomes a large fraction of all connections it is not, so here is a way to deal with it.

  First, check the TIME_WAIT-related values:

  [root@aaa1 ~]# sysctl -a | grep time | grep wait
  net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
  net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
  net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120

  Note that these three are netfilter connection-tracking timeouts: how long an entry for a connection in that state stays in the conntrack table. They are not the TCP stack's own TIME_WAIT timer, which is fixed at 60 seconds in the kernel (TCP_TIMEWAIT_LEN) and has no sysctl. Lowering them only frees conntrack entries sooner, which matters when the conntrack table itself fills up under load.

  The key to the problem is being able to reuse sockets that are sitting in TIME_WAIT. Check the current net.ipv4.tcp_tw values:

  [root@aaa1 ~]# sysctl -a | grep net.ipv4.tcp_tw
  net.ipv4.tcp_tw_reuse = 0
  net.ipv4.tcp_tw_recycle = 0

  Add or modify the net.ipv4.tcp_tw values, setting them to 1 (these are on/off switches, not a duration). tcp_tw_reuse allows a socket in TIME_WAIT to be reused for a new outgoing TCP connection when the kernel can tell from TCP timestamps that doing so is safe; tcp_tw_recycle makes the kernel expire TIME_WAIT sockets faster. Two caveats apply. tcp_tw_reuse needs net.ipv4.tcp_timestamps = 1 and only affects connections this host initiates, so on a web server it helps outbound connections to backends (proxy targets, databases) but does not shrink the TIME_WAIT entries created when the server closes client connections. tcp_tw_recycle is dangerous: it rejects SYNs whose TCP timestamp is lower than the last one seen from the same source address, so clients behind a shared NAT get their connections silently dropped. It was removed from the kernel in Linux 4.12 and should be left off on older kernels as well.

  [root@aaa1 ~]# vi /etc/sysctl.conf
  net.ipv4.tcp_tw_reuse = 1
  net.ipv4.tcp_tw_recycle = 1

  Apply the kernel parameters:

  [root@aaa1 ~]# sysctl -p

  Observing again with netstat, you will find the counts are back to normal.
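  Before touching either switch, it is worth checking what the host actually runs and what the ephemeral port range can sustain. The following is an added example, not code from the original post: a POSIX shell audit that reads a `sysctl -a`-style dump on stdin and reports the combinations that matter (tcp_tw_recycle enabled; tcp_tw_reuse enabled without tcp_timestamps; and the per-destination connection rate the ephemeral port range can sustain while each closed connection holds its port for the fixed 60-second TIME_WAIT). The sysctl key names are the real Linux ones; the values in SAMPLE_SYSCTL and the function names are constructed for this demonstration.

```sh
#!/bin/sh
# Added example, not from the original post: audit the TIME_WAIT-related
# sysctls in a `sysctl -a`-style dump read from stdin. Key names are the
# real Linux sysctls; the values in SAMPLE_SYSCTL are constructed.

SAMPLE_SYSCTL='net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.ip_local_port_range = 5000 65000'

# get_sysctl KEY: value of KEY from the dump on stdin, or "absent" when the
# key does not exist (tcp_tw_recycle is absent on Linux 4.12 and later).
get_sysctl() {
    awk -v k="$1" '
        $1 == k { sub(/^[^=]*=[ \t]*/, ""); print; found = 1 }
        END { if (!found) print "absent" }'
}

# tw_port_budget LOW HIGH: new outbound connections per second to one
# (destination IP, port) pair that the ephemeral range can sustain while
# every closed connection holds its source port for the fixed 60 s TIME_WAIT.
tw_port_budget() {
    echo $(( ($2 - $1 + 1) / 60 ))
}

# audit_tw_sysctl: print one finding per line; the exit status is the number
# of CRITICAL/WARN findings (INFO lines are not counted).
audit_tw_sysctl() {
    dump=$(cat)
    ts=$(printf '%s\n' "$dump" | get_sysctl net.ipv4.tcp_timestamps)
    reuse=$(printf '%s\n' "$dump" | get_sysctl net.ipv4.tcp_tw_reuse)
    recycle=$(printf '%s\n' "$dump" | get_sysctl net.ipv4.tcp_tw_recycle)
    range=$(printf '%s\n' "$dump" | get_sysctl net.ipv4.ip_local_port_range)
    n=0
    if [ "$recycle" = 1 ]; then
        echo "CRITICAL tcp_tw_recycle=1: SYNs from clients behind a shared NAT are dropped (per-source timestamp check); the knob was removed in Linux 4.12"
        n=$((n + 1))
    fi
    if [ "$reuse" = 1 ] && [ "$ts" != 1 ]; then
        echo "WARN tcp_tw_reuse=1 is ineffective while tcp_timestamps=$ts"
        n=$((n + 1))
    fi
    if [ "$reuse" = 1 ]; then
        echo "INFO tcp_tw_reuse applies only to connections this host initiates; it does not shrink a server's passively closed TIME_WAIT count"
    fi
    if [ "$range" != absent ]; then
        set -- $range   # split "LOW HIGH" into $1 and $2
        echo "INFO ip_local_port_range $1-$2: about $(tw_port_budget "$1" "$2") new outbound connections/s per destination before source ports run out"
    fi
    return "$n"
}

# Stand-alone run against the constructed sample. On a real host use:
#   sysctl -a 2>/dev/null | audit_tw_sysctl
printf '%s\n' "$SAMPLE_SYSCTL" | audit_tw_sysctl || echo "-> $? finding(s) need action"
```

  The port-budget figure is the practical reason TIME_WAIT hurts a host that makes many short outbound connections to one backend: with the default 60-second hold, a 60001-port range allows roughly 1000 new connections per second to a single (IP, port) destination, and a busier proxy hits port exhaustion no matter how the server side is tuned.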

  For DDoS resistance combined with the TIME_WAIT problem, the following settings are suggested (tcp_tw_recycle is commented out for the reasons given above):

  # Use TCP syncookies when needed (answers SYN floods once the SYN backlog is full)
  net.ipv4.tcp_syncookies = 1
  net.ipv4.tcp_synack_retries = 3
  net.ipv4.tcp_syn_retries = 3
  net.ipv4.tcp_max_syn_backlog = 2048
  # Enable TCP window scaling
  net.ipv4.tcp_window_scaling = 1
  # Increase TCP max buffer size
  net.core.rmem_max = 16777216
  net.core.wmem_max = 16777216
  # Increase Linux autotuning TCP buffer limits
  net.ipv4.tcp_rmem = 4096 87380 16777216
  net.ipv4.tcp_wmem = 4096 65536 16777216
  # Shorten how long an orphaned socket stays in FIN_WAIT_2 (this does not change the 60 s TIME_WAIT timer)
  net.ipv4.tcp_fin_timeout = 30
  # Start keepalive probes after 5 minutes of idleness instead of the default 2 hours
  net.ipv4.tcp_keepalive_time = 300
  # Reuse TIME_WAIT sockets for new outgoing connections (requires tcp_timestamps = 1)
  net.ipv4.tcp_tw_reuse = 1
  # Left disabled: drops connections from clients behind NAT; removed in Linux 4.12
  # net.ipv4.tcp_tw_recycle = 1
  # Increase the number of ephemeral ports available
  net.ipv4.ip_local_port_range = 5000 65000

  Appendix: checking the current breakdown of connection states

  netstat -nat | awk '{print $NF}' | sort | uniq -c | sort -n

  1 established
  1 State
  2 LAST_ACK
  4 CLOSING
  4 FIN_WAIT2
  9 LISTEN
  17 FIN_WAIT1
  18 SYN_RECV
  27 ESTABLISHED
  811 TIME_WAIT

  The command above helps spot which TCP state has an abnormal count (the "established" and "State" lines are the last words of netstat's two header lines, not real states; adding `$1 ~ /^tcp/` as an awk condition filters them out). SYN_RECV is a half-open connection: the server has sent its SYN-ACK and is waiting for the client's final ACK, so a large number of these relative to ESTABLISHED is the signature of a SYN flood, which is what tcp_syncookies and tcp_max_syn_backlog above address. ESTABLISHED is normal data transfer. TIME_WAIT is a connection that has already been closed and is waiting for its timer to expire.

  Appendix: checking the number of connections per client IP

  netstat -nat | grep ':80' | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n

  Two limitations of this one-liner: grep ':80' also matches other ports such as :8080 (and any client whose ephemeral port happens to begin with 80), and splitting on ':' breaks for IPv6 addresses. If one IP shows an abnormal count, it can be blocked, bearing in mind that a single address may be a NAT gateway in front of many legitimate users.
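  The two appendix one-liners, reworked as an added example that is not part of the original post: POSIX shell functions that parse `netstat -nat` output from stdin, build the state histogram without the header lines, count clients by the exact local port (so :80 no longer matches :8080 and IPv6 peers are handled), and print the iptables/ip6tables rules for clients over a threshold as a dry run rather than applying them. The sample output, the addresses (documentation ranges), the threshold and the function names are all constructed. The parser is specific to netstat's column layout; `ss -tan`, the modern replacement, prints the state in the first column and would need the field numbers adjusted.

```sh
#!/bin/sh
# Added example, not from the original post. Parses `netstat -nat` output
# read from stdin. SAMPLE_NETSTAT is constructed (documentation addresses).

SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             198.51.100.7:51234      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:51235      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.7:51236      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.7:51237      SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.9:40001       TIME_WAIT
tcp        0      0 10.0.0.5:80             203.0.113.9:40002       TIME_WAIT
tcp        0      0 10.0.0.5:8080           203.0.113.9:40003       TIME_WAIT
tcp        0      0 10.0.0.5:80             192.0.2.4:33001         ESTABLISHED
tcp6       0      0 ::1:80                  ::1:44000               TIME_WAIT'

# tcp_state_counts: "count STATE" per TCP state, skipping netstat's header
# lines (they do not start with "tcp"), ascending by count.
tcp_state_counts() {
    awk '$1 ~ /^tcp/ { print $NF }' | sort | uniq -c | sort -n
}

# state_count STATE: the number of connections in STATE (0 if none).
state_count() {
    tcp_state_counts | awk -v s="$1" '$2 == s { print $1; f = 1 } END { if (!f) print 0 }'
}

# clients_on_port PORT: "count peer-ip" for every non-listening socket whose
# local port is exactly PORT, descending. The peer port is stripped with a
# regex on the trailing ":digits", which also works for IPv6 peers.
clients_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF != "LISTEN" {
            n = split($4, l, ":")
            if (l[n] == port) { sub(/:[0-9]+$/, "", $5); print $5 }
        }' | sort | uniq -c | sort -rn
}

# offenders PORT THRESHOLD: peer IPs with at least THRESHOLD connections to PORT.
offenders() {
    clients_on_port "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# block_commands PORT THRESHOLD: print (do not run) the firewall rules that
# would drop each offender. Review the list first; one address may be a NAT
# gateway in front of many legitimate users.
block_commands() {
    offenders "$1" "$2" | while read -r ip; do
        case $ip in
            *:*) echo "ip6tables -I INPUT -s $ip -j DROP" ;;
            *)   echo "iptables -I INPUT -s $ip -j DROP" ;;
        esac
    done
}

# Stand-alone run against the constructed sample. On a real host:
#   netstat -nat | tcp_state_counts
#   netstat -nat | block_commands 80 50
printf '%s\n' "$SAMPLE_NETSTAT" | tcp_state_counts
printf '%s\n' "$SAMPLE_NETSTAT" | block_commands 80 3
```

  In the sample, 198.51.100.7 holds three half-open SYN_RECV entries plus one established connection, so with a threshold of 3 it is the only address the dry run proposes to block; the TIME_WAIT entries from 203.0.113.9 are closed connections and count against the threshold too, which is why the threshold should be set from a baseline of the server's normal per-client numbers rather than guessed.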
