How to modify the number of server connections in centos

Source: Internet
Author: User
Tags ack socket centos centos server

The netstat command displays network connection, route table, and network interface information, allowing you to know which network connections are in operation. In our daily work, we usually use two parameters, netstat-an, as shown below:

Example

[Root @ tiaobanji ~] # Netstat-
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
Tcp 0 0 0.0.0.0: 50020 0.0.0.0: * LISTEN
Tcp 0 0 127.0.0.1: 199 0.0.0.0: * LISTEN
Tcp 0 0 127.0.0.1: 9000 0.0.0.0: * LISTEN
Tcp 0 0 127.0.0.1: 41224 0.0.0.0: * LISTEN
Tcp 0 0 127.0.0.1: 21224 0.0.0.0: * LISTEN

Example

Netstat-n | awk '/^ tcp/{++ S [$ NF]} END {for (a in S) print a, S [a]}'

Returned results:
SYN_RECV 2 (two SYN connection requests are received for confirmation)
ESTABLISHED 1 (one normal data transmission status)
TIME_WAIT 62 (62 requests awaiting completion)
Description of all states that can be returned:
CLOSED: No connection is active or in progress
LISTEN: The server is waiting for incoming call
SYN_RECV: a connection request has arrived, waiting for confirmation
SYN_SENT: The application has started. Open a connection.
ESTABLISHED: normal data transmission status
FIN_WAIT1: The application says it has been completed
FIN_WAIT2: the other side has agreed to release
ITMED_WAIT: wait until all groups die
CLOSING: both sides attempt to close at the same time
TIME_WAIT: the other side has initialized a release.
LAST_ACK: waiting for all groups to die

By default, the number of concurrent linux servers is 256. If the number is exceeded, the server is automatically disconnected, so the number is relatively small.

Solution: modify the httpd. conf file

Open the httpd. conf file and search for <IfModule prefork. c>


<IfModule prefork. c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 1500 // This value is greater than MaxClients
MaxClients 1000 // change to 1000. The maximum value is 1024.
MaxRequestsPerChild 4000


How to modify the kernel with improved concurrent processing capability of the centos server

You can modify TCP parameters related to Linux kernel to maximize server performance. Of course, upgrading the server hardware is the most fundamental problem to improve the load.

In Linux, after a TCP connection is disconnected, the port is released only after a certain period of time is retained in the TIME_WAIT status. When there are too many concurrent requests, a large number of connections in the TIME_WAIT status will be generated. If the connection cannot be closed in time, a large amount of port resources and server resources will be occupied. At this time, we can optimize the TCP kernel parameters to promptly clear the port in the TIME_WAIT status.
The method described in this article is only effective for system resource consumption caused by connections with a large number of TIME_WAIT states. Otherwise, the effect may not be obvious. You can run the netstat command to check the connection status of TIME_WAIT. Enter the combined command below to check the status of the current TCP connection and the number of corresponding connections:

# Netstat-n | awk „/^ tcp/{S [$ NF]} END {for (a in S) print a, S [a]} then

This command will output results similar to the following:

LAST_ACK 16 SYN_RECV 348 ESTABLISHED 70 FIN_WAIT1 229 FIN_WAIT2 30 CLOSING 33 TIME_WAIT 18098
We only care about the number of TIME_WAIT instances. Here we can see that there are more than 18000 TIME_WAIT instances, occupying more than 18000 ports. You must know that the number of ports is only 65535, and the number of ports is one less, which seriously affects subsequent new connections. In this case, it is necessary to adjust the Linux TCP kernel parameters so that the system can release the TIME_WAIT connection more quickly.
Use vim to open the configuration file: # vim/etc/sysctl. conf in this file, add the following lines:

Net. ipv4.tcp _ syncookies = 1
Net. ipv4.tcp _ tw_reuse = 1
Net. ipv4.tcp _ tw_recycle = 1
Net. ipv4.tcp _ fin_timeout = 30

Enter the following command to make the kernel parameters take effect: # sysctl-p
Briefly describe the meaning of the above parameters:
Net. ipv4.tcp _ syncookies = 1
# Enable SYN Cookies. When a SYN wait queue overflows, cookies are enabled to prevent a small number of SYN attacks. The default value is 0, indicating that the process is disabled;
Net. ipv4.tcp _ tw_reuse = 1
# Indicates Enabling reuse. Allow TIME-WAIT sockets to be re-used for a new TCP connection. The default value is 0, indicating that the TCP connection is disabled;
Net. ipv4.tcp _ tw_recycle = 1
# Indicates enabling quick TIME-WAIT sockets recovery in TCP connections. The default value is 0, indicating that the TIME-WAIT sockets is disabled;
Net. ipv4.tcp _ fin_timeout

# Modify the system? The default TIMEOUT time.
After such adjustments, in addition to further improving the server load capabilities, it can also defend against DoS, CC, and SYN attacks with low traffic.
In addition, if you have many connections, we can optimize the range of available TCP ports to further improve the server's concurrency. Add the following configurations to the above parameter file:

Net. ipv4.tcp _ keepalive_time = 1200
Net. ipv4.ip _ local_port_range = 10000 65000
Net. ipv4.tcp _ max_syn_backlog = 8192
Net. ipv4.tcp _ max_tw_buckets = 5000

# We recommend that you enable these parameters only on servers with extremely high traffic, which will produce remarkable results. In general, there is no need to set these parameters on servers with low traffic.
Net. ipv4.tcp _ keepalive_time = 1200
# Indicates the frequency of keepalive messages sent by TCP when keepalive is in use. The default value is 2 hours, which is changed to 20 minutes. Net. ipv4.ip _ local_port_range = 10000 65000
# Indicates the port range used for external connection. The default value is small: 32768 to 61000, which is changed to 10000 to 65000. (Note: do not set the minimum value too low here, otherwise it may occupy the normal port !) Net. ipv4.tcp _ max_syn_backlog = 8192
# Indicates the length of the SYN queue. The default value is 1024. The length of the queue is 8192, which can accommodate more network connections waiting for connection. Net. ipv4.tcp _ max_tw_buckets = 6000
# Indicates that the system maintains the maximum number of TIME_WAIT instances at the same time. If this number is exceeded, TIME_WAIT is immediately cleared and warning information is printed. The default value is 180000, which is changed to 6000. For servers such as Apache and Nginx, the number of TIME_WAIT sockets can be greatly reduced by parameters in the previous lines, but the effect on Squid is not great. This parameter can control the maximum number of TIME_WAIT instances to prevent the Squid server from being dragged to death by a large number of TIME_WAIT instances. Other kernel TCP parameters:
Net. ipv4.tcp _ max_syn_backlog = 65536
# The maximum number of connection requests that have not received confirmation from the client. For systems with 1024 MB of memory, the default value is 128, while for systems with small memory, the value is.

Net. core. netdev_max_backlog = 32768

# The maximum number of packets that can be sent to the queue when each network interface receives packets faster than the kernel processes these packets.

Net. core. somaxconn = 32768

# The backlog of the listen function in the web application will limit the net. core. somaxconn of the kernel parameter to 128 by default, while the NGX_LISTEN_BACKLOG defined by nginx is 511 by default, so it is necessary to adjust this value. Net. core. wmem_default = 8388608 net. core. rmem_default = 8388608
Net. core. rmem_max = 16777216 # maximum socket read buffer, which can be referred to as the optimized value: 873200 net. core. wmem_max = 16777216 # maximum socket write buffer, which can be referred to as the optimized value: 873200 net. ipv4.tcp _ timestsmps = 0
# Timestamp can avoid serial number winding. A 1 Gbit/s link must have a previously used serial number. The timestamp allows the kernel to accept such "abnormal" packets. Disable it here. Net. ipv4.tcp _ synack_retries = 2
# In order to open the peer connection, the kernel needs to send a SYN with an ACK that responds to the previous SYN. That is, the second handshake in the three-way handshake. This setting determines the number of syn ack packets sent before the kernel disconnects. Net. ipv4.tcp _ syn_retries = 2
# Number of SYN packets sent before the kernel disconnects the connection.

# Net. ipv4.tcp _ tw_len = 1
Net. ipv4.tcp _ tw_reuse = 1

# Enable reuse. Allow TIME-WAIT sockets to be re-used for a new TCP connection. Net. ipv4.tcp _ wmem = 8192 436600 873200
# TCP write buffer, available optimization values: 8192 436600 873200 net. ipv4.tcp _ rmem = 32768 436600 873200
# TCP read buffer, available for reference: 32768 436600 873200 94500000 net. ipv4.tcp _ mem = 91500000 92700000 # There are also three values, meaning:
Net. ipv4.tcp _ mem [0]: lower than this value, TCP has no memory pressure. Net. ipv4.tcp _ mem [1]: under this value, it enters the memory pressure stage. Net. ipv4.tcp _ mem [2]: higher than this value, TCP rejects socket allocation.
The above memory unit is page, not byte. The available optimization values are: 786432 1048576 1572864 net. ipv4.tcp _ max_orphans = 3276800

# The maximum number of TCP sockets in the system is not associated with any user file handle. If this number is exceeded, the connection is immediately reset and a warning is printed.
This limit is only used to prevent simple DoS attacks. You cannot rely too much on it or artificially reduce the value. You should also increase this value (if the memory is increased ). Net. ipv4.tcp _ fin_timeout = 30
# If the socket is disabled by the local end, this parameter determines the time it remains in the FIN-WAIT-2 state. The peer can make an error and never close the connection, or even become an unexpected machine. The default value is 60 seconds. 2.2 The kernel value is usually 180 seconds. You can follow this setting,
Remember that even if your machine is a lightweight WEB server, there is also a risk of memory overflow due to a large number of dead sockets, FIN-WAIT-2 is less risky than FIN-WAIT-1 because it can only eat K of memory at most, but they have a longer lifetime. After such optimization configuration, your server's TCP concurrency processing capability will be significantly improved. The above configuration is for reference only. Please use it in the production environment based on your actual situation.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.