/var/log/messages contains a large number of entries like this:
TCP: time wait bucket table overflow
This is caused by too many TCP connections to the server, exceeding the maximum number defined in the kernel.
To change the limit temporarily, use:
echo 20000 > /proc/sys/net/ipv4/tcp_max_tw_buckets
To make the change permanent:
# vim /etc/sysctl.conf
net.ipv4.tcp_max_tw_buckets = 20000
# sysctl -p
Run the following command:
netstat -an | grep '^tcp' | awk '{print $6}' | sort | uniq -c | sort -rn
This counts the current connections by state.
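The check described above can be scripted. The following is an added example, not part of the original article: it counts TIME_WAIT sockets in netstat -n output and compares the count with a tcp_max_tw_buckets limit. The function names, the 80% warning threshold and the sample netstat output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the TIME_WAIT socket count with tcp_max_tw_buckets.

# Constructed `netstat -n` output (documentation addresses, not a real capture).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51034      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.7:51035      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.9:40112      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.5:33980       TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.5:33981       SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.20:60222     ESTABLISHED
EOF
}

# count_state STATE: read netstat output on stdin, print how many TCP sockets are in STATE.
count_state() {
    awk -v want="$1" '/^tcp/ && $NF == want { n++ } END { print n + 0 }'
}

# tw_status LIMIT [WARN_PCT]: read netstat output on stdin and print
# "<level> <time_wait_count> <limit>". WARN_PCT (default 80) is an assumed threshold.
tw_status() {
    limit=$1
    warn_pct=${2:-80}
    tw=$(count_state TIME_WAIT)
    if [ "$tw" -ge "$limit" ]; then
        level=OVERFLOW      # count has reached the configured limit
    elif [ $((tw * 100)) -ge $((limit * warn_pct)) ]; then
        level=WARN          # count is within WARN_PCT percent of the limit
    else
        level=OK
    fi
    echo "$level $tw $limit"
}

# Demo on the constructed sample with an artificially small limit of 5.
sample_netstat | tw_status 5

# On a live host (requires netstat and /proc):
#   netstat -n | tw_status "$(cat /proc/sys/net/ipv4/tcp_max_tw_buckets)"
```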
The following is quoted from another article:
http://blog.sina.com.cn/s/blog_4e46604d0102vaf1.html
Symptoms:
1. The system log frequently shows: kernel: TCP: time wait bucket table overflow
2. The server has a large number of connections in the TIME_WAIT state:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
TIME_WAIT 5009
FIN_WAIT1 19
ESTABLISHED 3
FIN_WAIT2 2
SYN_RECV 14
CLOSING 146
LAST_ACK 1
Solution:
vi /etc/sysctl.conf
Add the following lines:
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = # # already modified
Description
net.ipv4.tcp_syncookies = 1 turns on SYN cookies. When the SYN wait queue overflows, cookies are used to handle new connections, which protects against small-scale SYN attacks. The default is 0 (off).
net.ipv4.tcp_tw_reuse = 1 turns on reuse, allowing TIME-WAIT sockets to be reused for new TCP connections. The default is 0 (off).
net.ipv4.tcp_tw_recycle = 1 turns on fast recycling of TIME-WAIT sockets. The default is 0 (off). This setting is known to break connections from clients behind NAT, and the parameter was removed in Linux 4.12.
net.ipv4.tcp_fin_timeout = 30 means that if the socket is closed by the local side, this parameter determines how long it remains in the FIN-WAIT-2 state.
net.ipv4.tcp_keepalive_time = 1200 sets how often TCP sends keepalive messages when keepalive is enabled. The default is 2 hours; this changes it to 20 minutes.
net.ipv4.ip_local_port_range = 1024 65000 sets the range of ports used for outgoing connections. The default range is small, 32768 to 61000; this changes it to 1024 to 65000.
net.ipv4.tcp_max_syn_backlog = 8192 sets the length of the SYN queue. The default is 1024; raising it to 8192 accommodates more connections waiting to be established.
net.ipv4.tcp_max_tw_buckets = 5000 sets the maximum number of TIME_WAIT sockets the system keeps at the same time. If this number is exceeded, TIME_WAIT sockets are cleared immediately and a warning message is printed. The default is 180000; this changes it to 5000. For Apache, Nginx and similar servers, the parameters in the preceding lines do a good job of reducing the number of TIME_WAIT sockets, but for Squid their effect is limited. This parameter caps the number of TIME_WAIT sockets, which prevents a Squid server from being dragged down by a large number of them.
Execute the following command to make the configuration effective:
sysctl -p
After a few minutes of observation, the error disappears and the number of time_wait connections decreases.
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
TIME_WAIT 3647
SYN_SENT 1
FIN_WAIT1 14
ESTABLISHED 2
FIN_WAIT2 2
SYN_RECV 17
CLOSING 132
TCP: time wait bucket table overflow solution