If the system is found to have a large number of connections in the TIME_WAIT state, this can be resolved by adjusting kernel parameters:
vim /etc/sysctl.conf
Edit the file and add the following:
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
Then execute /sbin/sysctl -p to make the parameters take effect.
net.ipv4.tcp_syncookies = 1 turns on SYN cookies. When the SYN wait queue overflows, cookies are enabled to protect against a small number of SYN attacks. The default is 0, which means off.
net.ipv4.tcp_tw_reuse = 1 turns on reuse. It allows TIME_WAIT sockets to be reused for new TCP connections. The default is 0, which means off.
net.ipv4.tcp_tw_recycle = 1 turns on fast recycling of TIME_WAIT sockets in TCP connections. The default is 0, which means off. Note that this parameter was removed in Linux 4.12 and is known to break connections from clients behind NAT.
net.ipv4.tcp_fin_timeout modifies the system's default timeout.
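To check whether TIME_WAIT sockets are really accumulating before and after changing these parameters, the following added example (not part of the original article) counts sockets per TCP state from /proc/net/tcp-format input. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: count sockets per TCP state from /proc/net/tcp-format text.
# Field 4 ("st") is the state in hex; 06 is TIME_WAIT. Covers IPv4 only.

# Constructed sample rows in /proc/net/tcp layout (not from a real host).
sample_proc_net_tcp() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000A:0050 1400000A:C350 06 00000000:00000000 03:00000A28 00000000     0        0 0
   2: 0A00000A:0050 1400000A:C351 06 00000000:00000000 03:00000A28 00000000     0        0 0
   3: 0A00000A:0050 1500000A:D2F0 06 00000000:00000000 03:00000A28 00000000     0        0 0
   4: 0A00000A:01BB 1500000A:D2F1 06 00000000:00000000 03:00000A28 00000000     0        0 0
   5: 0A00000A:0016 1600000A:E001 01 00000000:00000000 00:00000000 00000000     0        0 1002
EOF
}

# Print "STATE count" for every state present on stdin, sorted by name.
tcp_state_counts() {
    awk '
    BEGIN {
        split("01 02 03 04 05 06 07 08 09 0A 0B", code, " ")
        split("ESTABLISHED SYN_SENT SYN_RECV FIN_WAIT1 FIN_WAIT2 TIME_WAIT CLOSE CLOSE_WAIT LAST_ACK LISTEN CLOSING", name, " ")
        for (i = 1; i <= 11; i++) n[code[i]] = name[i]
    }
    NR > 1 && ($4 in n) { c[n[$4]]++ }
    END { for (s in c) print s, c[s] }' | sort
}

# Print only the number of TIME_WAIT sockets (0 when there are none).
time_wait_count() {
    tcp_state_counts | awk '$1 == "TIME_WAIT" { n = $2 } END { print n + 0 }'
}

# Print "local_port count" for TIME_WAIT sockets, to see which service they pile up on.
time_wait_by_local_port() {
    awk '
    function hex2dec(h,   i, v) {
        for (i = 1; i <= length(h); i++)
            v = v * 16 + index("0123456789ABCDEF", toupper(substr(h, i, 1))) - 1
        return v
    }
    NR > 1 && $4 == "06" { split($2, a, ":"); c[hex2dec(a[2])]++ }
    END { for (p in c) print p, c[p] }' | sort -n
}

sample_proc_net_tcp | tcp_state_counts
```

On a live host, feed the functions real data instead of the sample, for example tcp_state_counts < /proc/net/tcp.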
The meaning of the TIME_WAIT state is explained below:
After the client establishes a TCP/IP connection to the server and closes the socket, the port on the server side of the connection is in the TIME_WAIT state.
Do all sockets that perform an active close enter the TIME_WAIT state?
Is there a situation where an actively closed socket goes directly into the CLOSED state?
The party that actively closes, after sending the last ACK, enters the TIME_WAIT state and stays there for 2MSL (maximum segment lifetime).
This is indispensable to TCP/IP, meaning it cannot be "solved" away.
That is how the TCP/IP designers intended it to work.
There are two main reasons:
1. To prevent packets from the previous connection that went astray from reappearing and affecting a new connection
(after 2MSL, all duplicate packets from the previous connection will have disappeared).
2. Reliable shutdown of the TCP connection.
The last ACK (of the FIN) sent by the actively closing side may be lost, in which case the passive side will resend its FIN. If the active side is in the CLOSED state at this point, it will respond with RST instead of ACK. So the active side should be in the TIME_WAIT state, not CLOSED.
TIME_WAIT does not occupy a significant amount of resources unless the system is under attack.
Also, if a party's send or recv times out, it will go directly into the CLOSED state.