Linux Link Control

Source: Internet
Author: User

If the system is found to have a large number of connections in the TIME_WAIT state, this can be resolved by adjusting kernel parameters:
vim /etc/sysctl.conf
Edit the file and add the following:
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
Then execute /sbin/sysctl -p to make the parameters take effect.

net.ipv4.tcp_syncookies = 1 turns on SYN cookies. When the SYN wait queue overflows, cookies are used to handle the pending connections, which protects against a small number of SYN attacks. The default is 0, which means off;
net.ipv4.tcp_tw_reuse = 1 turns on reuse, allowing TIME-WAIT sockets to be reused for new TCP connections. The default is 0, which means off;
net.ipv4.tcp_tw_recycle = 1 turns on fast recycling of TIME-WAIT sockets in TCP connections. The default is 0, which means off.
net.ipv4.tcp_fin_timeout = 30 changes the system's default timeout.
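
A way to measure the problem before and after changing these parameters, as an added example that is not part of the original page: it counts sockets per TCP state from input in /proc/net/tcp format and checks whether the running kernel exposes each of the four keys. The second check matters because net.ipv4.tcp_tw_recycle was removed in Linux 4.12, so sysctl -p reports an error for that line on newer kernels. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: count TCP sockets per state from /proc/net/tcp-format input,
# and check which of the page's sysctl keys the running kernel actually has.

# Constructed sample in /proc/net/tcp layout (column 4, "st", is the state in hex).
SAMPLE='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0050 0100007F:C350 06 00000000:00000000 03:00000A8C 00000000     0        0 0 3
   2: 0100007F:0050 0100007F:C351 06 00000000:00000000 03:00000B10 00000000     0        0 0 3
   3: 0100007F:0050 0100007F:C352 01 00000000:00000000 00:00000000 00000000    33        0 1002 1
   4: 0100007F:0050 0100007F:C353 05 00000000:00000000 00:00000000 00000000     0        0 0 1'

# tcp_state_counts: read /proc/net/tcp-format text on stdin, print "STATE count" lines.
tcp_state_counts() {
    awk '
    BEGIN {
        n["01"]="ESTABLISHED"; n["02"]="SYN_SENT";   n["03"]="SYN_RECV"
        n["04"]="FIN_WAIT1";   n["05"]="FIN_WAIT2";  n["06"]="TIME_WAIT"
        n["07"]="CLOSE";       n["08"]="CLOSE_WAIT"; n["09"]="LAST_ACK"
        n["0A"]="LISTEN";      n["0B"]="CLOSING"
    }
    # Socket rows start with "<slot>:"; the header row does not and is skipped.
    $1 ~ /^[0-9]+:$/ {
        st = toupper($4)
        key = (st in n) ? n[st] : ("UNKNOWN_" st)
        c[key]++
    }
    END { for (s in c) print s, c[s] }' | sort
}

# time_wait_count: number of TIME_WAIT sockets in the same input format (0 if none).
time_wait_count() {
    tcp_state_counts | awk '$1 == "TIME_WAIT" { print $2; f = 1 } END { if (!f) print 0 }'
}

# sysctl_exists KEY [ROOT]: succeed if KEY exists under ROOT (default /proc/sys).
sysctl_exists() {
    [ -e "${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)" ]
}

printf '%s\n' "$SAMPLE" | tcp_state_counts
echo "TIME_WAIT in sample: $(printf '%s\n' "$SAMPLE" | time_wait_count)"
# On a live host: time_wait_count < /proc/net/tcp   (IPv6 sockets are in /proc/net/tcp6)
for k in net.ipv4.tcp_syncookies net.ipv4.tcp_tw_reuse \
         net.ipv4.tcp_tw_recycle net.ipv4.tcp_fin_timeout; do
    sysctl_exists "$k" && echo "$k: present" || echo "$k: not present on this kernel"
done
```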

The meaning of the TIME_WAIT state is explained below:

After a client establishes a TCP/IP connection to the server and then closes the socket, the port on the server side of the connection
is in the TIME_WAIT state.

Do all sockets that perform an active close enter the TIME_WAIT state?
Is there any situation where an actively closed socket goes directly into the CLOSED state?

The party that actively closes the connection, after sending the last ACK,
enters the TIME_WAIT state and stays there for 2MSL (max segment lifetime).
This is essential to TCP/IP; in other words, it is not something that can be "solved".

It is how the designers of TCP/IP intended it to work.
There are two main reasons:
1. To prevent packets from the previous connection that went astray and then reappear from affecting a new connection
(after 2MSL, all duplicate packets from the previous connection will have disappeared).
2. To shut down the TCP connection reliably.
The last ACK sent by the actively closing side (in response to the FIN) may be lost, in which case the passive side resends
its FIN. If the active side were in the CLOSED state at that point, it would respond with RST instead of ACK. So
the active side has to be in the TIME_WAIT state, not CLOSED.

TIME_WAIT does not occupy a significant amount of resources unless the system is under attack.

Also, if one side hits a send or recv timeout, it goes directly into the CLOSED state.
