[Author: Zhang banquet. Article version: V1.0. Last modified: 2007.07.24. When reprinting, please indicate the source: http://blog.s135.com]
After a new set of Apache servers went live, I used the netstat -an command and found a large number of TCP connections in the TIME_WAIT state on the server, so I used /sbin/sysctl -a to view the Linux kernel parameters, read the relevant information, and decided to modify two parameters to reduce the number of TIME_WAIT sockets in TCP connections.
vi /etc/sysctl.conf
Edit the /etc/sysctl.conf file and add three lines:
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
Notes:
net.ipv4.tcp_syncookies = 1 enables SYN cookies. When the SYN wait queue overflows, cookies are used to handle the connection requests, which defends against small-scale SYN attacks. The default value is 0, meaning disabled;
net.ipv4.tcp_tw_reuse = 1 enables reuse, allowing TIME_WAIT sockets to be reused for new TCP connections. The default value is 0, meaning disabled;
net.ipv4.tcp_tw_recycle = 1 enables fast recycling of TIME_WAIT sockets in TCP connections. The default value is 0, meaning disabled.
Run the following command to make the modification take effect immediately:
/sbin/sysctl -p
Use the following statement to check the TCP status of the server:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
The returned results are as follows:
ESTABLISHED 1423
FIN_WAIT1 1
FIN_WAIT2 262
SYN_SENT 1
TIME_WAIT 962
Effect: the number of sockets in the TIME_WAIT state dropped from more than 10000 to about 1000. The number of sockets in the SYN_RECV state (waiting to be processed) is 0, where it was originally 50 ~ 300.
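The same check can be scripted without netstat. The following is an added example, not part of the original article: it verifies the three parameters above under /proc/sys and counts socket states from /proc/net/tcp-format text. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit the three settings
# and count TCP states straight from /proc, without netstat.

# Report each parameter the article sets. $1 = sysctl root (default /proc/sys).
# Prints "name=value" or "name=absent"; returns 1 if any of them is not 1.
check_tcp_sysctls() {
    root=${1:-/proc/sys}
    rc=0
    for p in tcp_syncookies tcp_tw_reuse tcp_tw_recycle; do
        f="$root/net/ipv4/$p"
        if [ -r "$f" ]; then
            v=$(cat "$f")
        else
            v=absent   # e.g. tcp_tw_recycle was removed in Linux 4.12
        fi
        echo "net.ipv4.$p=$v"
        [ "$v" = 1 ] || rc=1
    done
    return $rc
}

# Count sockets per state from /proc/net/tcp-format text on stdin.
# Column 4 ("st") holds the state as a hex code.
tcp_state_counts() {
    awk '
    BEGIN {
        n["01"]="ESTABLISHED"; n["02"]="SYN_SENT";   n["03"]="SYN_RECV"
        n["04"]="FIN_WAIT1";   n["05"]="FIN_WAIT2";  n["06"]="TIME_WAIT"
        n["07"]="CLOSE";       n["08"]="CLOSE_WAIT"; n["09"]="LAST_ACK"
        n["0A"]="LISTEN";      n["0B"]="CLOSING"
    }
    NR > 1 && ($4 in n) { ++S[n[$4]] }
    END { for (a in S) print a, S[a] }' | sort
}

# Constructed sample in /proc/net/tcp layout (header + 4 sockets).
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0050 0100007F:C001 01 00000000:00000000 00:00000000 00000000    48        0 1002 1
   2: 0100007F:0050 0100007F:C002 06 00000000:00000000 03:00000A00 00000000     0        0 0 3
   3: 0100007F:0050 0100007F:C003 06 00000000:00000000 03:00000B00 00000000     0        0 0 3
EOF
}

# Usage on a live host: check_tcp_sysctls; tcp_state_counts < /proc/net/tcp
```

/proc/net/tcp lists IPv4 sockets only; feed /proc/net/tcp6 to the same function for IPv6.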
Appendix: TCP state transition diagram. See my other article "view the number of Apache concurrent requests and their TCP connection status".