If you check the number of Apache connections often, you will find many useless TIME_WAIT connections. Some say this is normal, caused by requests that were interrupted midway; others say that Microsoft IE connections produce more TIME_WAIT than Firefox connections. My own view is that a certain amount of TIME_WAIT is normal, but if its share of the total connection count is clearly abnormal, it is still worth finding a way to fix it.
First check the TIME_WAIT related values:
[root@aaa1 ~]# sysctl -a | grep time | grep wait
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
The key to solving the problem is reusing sockets that are in the TIME_WAIT state. Check the current net.ipv4.tcp_tw values:
[root@aaa1 ~]# sysctl -a | grep net.ipv4.tcp_tw
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_tw_recycle = 0
Add or modify the net.ipv4.tcp_tw values so that both are set to 1 (tcp_tw_reuse controls whether a socket in the TIME_WAIT state may be reused for a new TCP connection; tcp_tw_recycle enables fast recycling of TIME_WAIT sockets). Note that tcp_tw_recycle breaks connections from clients behind NAT, because it rejects SYNs whose TCP timestamps go backwards for a given peer address, and it was removed from the Linux kernel in version 4.12, so on current kernels only tcp_tw_reuse is available:
[root@aaa1 ~]# vi /etc/sysctl.conf
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
Make the kernel parameters take effect:
[root@aaa1 ~]# sysctl -p
Check again with netstat and you will see that the connection counts have returned to normal.
To address DDoS as well as TIME_WAIT, we recommend adding the following parameter settings:
# Use TCP syncookies when needed
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_max_syn_backlog = 2048
# Enable TCP window scaling
net.ipv4.tcp_window_scaling = 1
# Increase TCP max buffer size
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# Increase Linux autotuning TCP buffer limits
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# Increase number of ports available
net.ipv4.tcp_fin_timeout =
net.ipv4.tcp_keepalive_time =
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000
Appendix: view the current connection count by state
netstat -nat | awk '{print $NF}' | sort | uniq -c | sort -n
      1 established
      1 State
      2 LAST_ACK
      4 CLOSING
      4 FIN_WAIT2
      9 LISTEN
        FIN_WAIT1
        SYN_RECV
        ESTABLISHED
    811 TIME_WAIT
The command above helps you see which TCP state is abnormal. SYN_RECV is the number of requests waiting to be processed, ESTABLISHED is the number of connections in normal data transfer, and TIME_WAIT is the number of connections that have already been handled and are waiting for the timeout to expire.
Appendix: view the connection count per IP address
netstat -nat | grep ":" | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n
If an abnormal IP is found, it can be blocked.
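The two netstat one-liners above (count by state, count by peer IP) read the kernel's /proc/net/tcp table; the following is an added example, not from the original post, that parses that table directly so the same checks work on hosts without netstat and can be scripted as a TIME_WAIT ratio alert. It assumes the standard /proc/net/tcp column layout and uses a constructed sample rather than a real capture.

```python
import socket
from collections import Counter

# State codes from the "st" column of /proc/net/tcp (Linux include/net/tcp_states.h).
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
              "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
              "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING"}

def decode_ipv4(hex_addr):
    """Turn '0100007F:0050' into ('127.0.0.1', 80); the IP is little-endian host-order hex."""
    ip_hex, port_hex = hex_addr.split(":")
    return socket.inet_ntoa(int(ip_hex, 16).to_bytes(4, "little")), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state) for each socket row."""
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with a slot number such as '0:'; the header row starts with 'sl'.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        lip, lport = decode_ipv4(fields[1])
        rip, rport = decode_ipv4(fields[2])
        yield lip, lport, rip, rport, TCP_STATES.get(fields[3], fields[3])

def count_states(text):
    """Same view as netstat -nat | awk '{print $NF}' | sort | uniq -c."""
    return Counter(row[4] for row in parse_proc_net_tcp(text))

def count_remote_ips(text):
    """Connections per peer address, ignoring listening sockets (their peer is 0.0.0.0)."""
    return Counter(row[2] for row in parse_proc_net_tcp(text) if row[4] != "LISTEN")

def time_wait_ratio(text):
    """Share of non-listening sockets in TIME_WAIT; a large share is the symptom discussed above."""
    states = count_states(text)
    active = sum(n for s, n in states.items() if s != "LISTEN")
    return states["TIME_WAIT"] / active if active else 0.0

# Constructed sample in /proc/net/tcp layout (not captured from a real host);
# on a live host use open("/proc/net/tcp").read() instead.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1 1
   1: 0A00000A:0050 0B00000A:C350 01 00000000:00000000 00:00000000 00000000    48        0 2 1
   2: 0A00000A:0050 0B00000A:C351 06 00000000:00000000 03:00001234 00000000     0        0 0 3
   3: 0A00000A:0050 0B00000A:C352 06 00000000:00000000 03:00001234 00000000     0        0 0 3
   4: 0A00000A:0050 0C00000A:C353 06 00000000:00000000 03:00001234 00000000     0        0 0 3
   5: 0A00000A:0050 0D00000A:C354 03 00000000:00000000 01:00000100 00000000     0        0 0 2
"""
```

For IPv6 sockets the same layout appears in /proc/net/tcp6 with 32-hex-digit addresses, which this parser does not decode.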
Mountain Breeze note: Windows should have these settings too, but there may be no ready-made tool; they would have to be set through the registry, and who knows exactly how to tune that.