Time wait duo

  Too many time_wait problems in Linux Category:LinuxFAQ Read by 3485 Comment (0) Favorites Report Linux Server TCP communication activity SSH

Cause:

I developed a server and client and communicated through short connections. Due to the frequent creation of connections, the number of system connections is occupied and cannot be released in time. I looked at 18888 and was scared.

 

Symptom:

1. External machines cannot connect to SSH normally

2. The internal and external domain names cannot be properly pinged or resolved.

 

Troubleshooting:

Run the netstat-anp | grep time_wait | WC-l command to check the number of connections. It is too exaggerated to find that the number of connections in time_wait exceeds 18000.

1. I initially suspected that the program did not close the connection and codereview twice. I found that the connection was closed normally.

2. Why does time_wait appear on the Internet? It may be because the server closes the connection and time_wait is generated.

3. Search for the time_wait solution:

It is found that the system has a large number of connections in the time_wait status. by adjusting the kernel parameters, VI/etc/sysctl. conf
Edit the file and add the following content: net. ipv4.tcp _ syncookies = 1 Net. ipv4.tcp _ tw_reuse = 1 Net. ipv4.tcp _ tw_recycle = 1 Net. ipv4.tcp _ fin_timeout = 30 and then execute/Sbin/sysctl-PMake the parameter take effect.

 

After configuration, the temporary problem is solved. Check that the number of time_wait instances drops rapidly.

 

Key commands:

 

1. netstat-N | awk '/^ TCP/{++ State [$ NF]} end {for (key in State) print key, "\ t ", state [Key]}'

The following result is displayed, and the numbers are different:

Last_ack 1
Syn_recv 14
Established 79
Fin_wait1 28
Fin_wait2 3
Closing 5
Time_wait 1669

Status: Description
Closed: No connection is active or in progress
Listen: the server is waiting for incoming call
Syn_recv: a connection request has arrived, waiting for confirmation
Syn_sent: The application has started. Open a connection.
Established: normal data transmission status
Fin_wait1: The application says it has been completed
Fin_wait2: the other side has agreed to release
Itmed_wait: wait until all groups die
Closing: both sides attempt to close at the same time
Time_wait: the other side has initialized a release.
Last_ack: waiting for all groups to die

 

2. sysctl-A | grep time | grep wait
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_time_wait = 120
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_close_wait = 60
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_fin_wait = 120