How to release time_wait under Linux

Transferred from: http://blog.slogra.com/post-385.html

Today's service site obviously too slow to check the number of server connections, tangled in how to fix time_wait
# Netstat-an|awk '/tcp/{print $6} ' |sort|uniq-c
Close_wait
2 CLOSING
136 established
Fin_wait1
Fin_wait2
2 Last_ack
8 LISTEN
Syn_recv
2936 time_wait
#
Status: Description
CLOSED: No connection is active or in progress
LISTEN: The server is waiting to enter the call
SYN_RECV: A connection request has arrived, waiting for confirmation
Syn_sent: Application has started, open a connection
Established: Normal data transfer status
FIN_WAIT1: Application says it's done
Fin_wait2: The other side has agreed to release
Itmed_wait: Waiting for all packets to die
CLOSING: Both sides try to close simultaneously
Time_wait: The other side has initialized a release
Last_ack: Waiting for all packets to die

Linux sysctl.conf close_wait

$/proc/sys/net/core/wmem_max
Maximum socket write buffer, with reference to the optimized value: 873200

$/proc/sys/net/core/rmem_max
Maximum socket read buffer, with reference to optimized values: 873200

$/proc/sys/net/ipv4/tcp_wmem
TCP write buffer, reference to optimization values: 8192 436600 873200

$/proc/sys/net/ipv4/tcp_rmem
TCP read buffer, reference to optimized values: 32768 436600 873200

$/proc/sys/net/ipv4/tcp_mem
There are also 3 values, meaning:
NET.IPV4.TCP_MEM[0]: Below this value, TCP has no memory pressure.
NET.IPV4.TCP_MEM[1]: Under this value, enter the memory pressure phase.
NET.IPV4.TCP_MEM[2]: Above this value, TCP refuses to allocate the socket.
The above-mentioned memory units are pages, not bytes. A reference to the optimization value is: 786432 1048576 1572864

$/proc/sys/net/core/netdev_max_backlog
Enter the maximum device queue for the package. The default is 300, which is too low for heavy-duty servers and can be adjusted to 1000.

$/proc/sys/net/core/somaxconn
The default parameter of Listen (), the maximum number of pending requests. The default is 128. For busy servers, increase this value to help network performance. Adjustable to 256.

$/proc/sys/net/core/optmem_max
The maximum initialization value for socket buffer, default 10K.

$/proc/sys/net/ipv4/tcp_max_syn_backlog
Enter the maximum request queue for the SYN packet. Default 1024. For heavy-duty servers, it is obviously beneficial to increase this value. Adjustable to 2048.

$/proc/sys/net/ipv4/tcp_retries2
TCP failed retransmission, the default value of 15, meaning to focus on 15 times to completely discard. Reduce to 5 to release kernel resources as early as possible.

$/proc/sys/net/ipv4/tcp_keepalive_time

$/PROC/SYS/NET/IPV4/TCP_KEEPALIVE_INTVL

$/proc/sys/net/ipv4/tcp_keepalive_probes
These 3 parameters are related to TCP keepalive. The default value is:
Tcp_keepalive_time = 3600 seconds (1 hours)
Tcp_keepalive_probes = 3
TCP_KEEPALIVE_INTVL = Seconds
This means that if a TCP connection has been idle for 2 hours, the kernel will initiate probe.
If the probe 3 times (60 seconds each time) is unsuccessful, the kernel abandons completely and considers the connection to be invalid.
The above values are obviously too large for the server. Can be adjusted to:
/proc/sys/net/ipv4/tcp_keepalive_time 120
/PROC/SYS/NET/IPV4/TCP_KEEPALIVE_INTVL 30
/proc/sys/net/ipv4/tcp_keepalive_probes 2

$ proc/sys/net/ipv4/ip_local_port_range
Specifies a configuration for the port range, which defaults to 32768 61000, which is large enough.
Can be adjusted to 1024 65535 during large concurrency


The following are some of the parameters that need to be handled when handling the TIME_WAIT state.

Net.ipv4.tcp_syncookies = 1
Indicates that SYN Cookies are turned on. When there is a SYN wait queue overflow, cookies are enabled to protect against a small number of SYN attacks, the default is 0, which means close;

Net.ipv4.tcp_tw_reuse = 1
means to turn on reuse. Allows time-wait sockets to be re-used for new TCP connections, which defaults to 0, which means shutdown;

Net.ipv4.tcp_tw_recycle = 1
Represents a quick recycle of time-wait sockets on a TCP connection, which defaults to 0, which means shutdown.

Net.ipv4.tcp_fin_timeout = 30
Indicates that if the socket is closed by a local requirement, this parameter determines when it remains in the fin-wait-2 state.

Net.ipv4.tcp_keepalive_time = 1200
Indicates the frequency at which TCP sends keepalive messages when KeepAlive is employed. The default is 2 hours, which is changed to 20 minutes.

Net.ipv4.ip_local_port_range = 1024 65000
Represents the range of ports used for an outward connection. Small by default: 32768 to 61000, 1024 to 65000.

Net.ipv4.tcp_max_syn_backlog = 8192
Represents the length of the SYN queue, which defaults to 1024, and a larger queue length of 8192, which can accommodate more network connections waiting to be connected.

Net.ipv4.tcp_max_tw_buckets = 5000
Indicates that the system maintains the maximum number of time_wait sockets at the same time, and if this number is exceeded, the time_wait socket is immediately cleared and a warning message is printed.
The default is 180000, which changes to 5000. For Apache, Nginx and other servers, the parameters mentioned above can be a good way to reduce the number of time_wait sockets,
To prevent squid servers from being dragged to death by a large number of time_wait sockets, this parameter can control the maximum number of time_wait sockets.
Ps:http://bbs.51osos.com/thread-7460-1-1.html

How to release time_wait under Linux