Optimize TCP/IP connections to reduce TIME-WAIT

(1) Check the state and number of TCP/IP connections:

    # netstat -an | awk '/^tcp/{++s[$NF]} END {for (a in s) print a, s[a]}'

(2) Improve the server's load capacity:

    # vim /etc/sysctl.conf

Add the following lines to the file:

    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_fin_timeout = 5

Then run the following command to make the kernel parameters take effect:

    # /sbin/sysctl -p

Parameter description:

    net.ipv4.tcp_syncookies = 1 enables SYN cookies. When the SYN wait queue overflows, cookies let the kernel keep accepting connections, which helps mitigate small-scale SYN flood attacks. The default is 0 (disabled).
    net.ipv4.tcp_tw_reuse = 1 enables reuse: sockets in TIME-WAIT may be reused for new outgoing TCP connections. The default is 0 (disabled).
    net.ipv4.tcp_tw_recycle = 1 enables fast recycling of TIME-WAIT sockets. The default is 0 (disabled). Caveat: this option rejects SYNs whose TCP timestamps go backwards relative to the last connection from the same address, which is exactly what happens when several clients share one NAT address, so it is unsafe for Internet-facing servers; it was removed from the kernel in Linux 4.12.
    net.ipv4.tcp_fin_timeout = 5 sets how long a socket stays in FIN-WAIT-2 after the local side has closed it (the default is 60 seconds); it does not shorten TIME-WAIT itself.

(3) Optimize the usable TCP/IP port range to further increase the server's concurrency (for servers with relatively heavy TCP traffic):

    # vim /etc/sysctl.conf

Add the following parameters:

    net.ipv4.tcp_keepalive_time = 1200
    net.ipv4.ip_local_port_range = 10000 65000
    net.ipv4.tcp_max_syn_backlog = 8192
    net.ipv4.tcp_max_tw_buckets = 5000

Parameter description:

    net.ipv4.tcp_keepalive_time = 1200 is how often TCP sends keepalive probes when keepalive is enabled. The default is 2 hours; this changes it to 20 minutes.
    net.ipv4.ip_local_port_range = 10000 65000 is the port range used for outgoing connections. The default range is small, 32768 to 61000; this widens it to 10000 to 65000. (Note: do not set the minimum too low, or the ephemeral range will overlap ports used by regular services!)
    net.ipv4.tcp_max_syn_backlog = 8192 is the length of the SYN queue. The default is 1024; a queue of 8192 can hold more connections waiting to complete the handshake.
    net.ipv4.tcp_max_tw_buckets = 5000 is the maximum number of TIME_WAIT sockets the system keeps at the same time. Beyond this number, TIME_WAIT sockets are destroyed immediately and a warning is logged. The default is 180000; this lowers it to 5000. For servers such as Apache and Nginx the parameters in the earlier lines already reduce the number of TIME_WAIT sockets greatly, but they have little effect on Squid; this parameter caps the number of TIME_WAIT sockets so that a Squid server is not overwhelmed by them.

(4) Modify the TCP TIME-WAIT length in the Linux kernel (suitable for workloads with very many short connections). $KERNEL/include/net/tcp.h contains the line:

    #define TCP_TIMEWAIT_LEN (60*HZ) /* how long to wait to destroy TIME-WAIT
                                      * state, about 60 seconds */

This macro controls the timeout of the TCP TIME_WAIT state. To reduce the number of sockets in TIME_WAIT (and save a little kernel work), set it to a lower value. According to our test, 10 seconds is appropriate, i.e. change the line above to:

    #define TCP_TIMEWAIT_LEN (10*HZ) /* how long to wait to destroy TIME-WAIT
                                      * state, now about 10 seconds */

Then recompile the kernel and reboot. You will find that the number of TIME_WAIT sockets caused by short connections drops sharply; the count reported by

    # netstat -ant | grep -i time_wait | wc -l

is generally reduced by at least two thirds, and the system's response to short connections also improves.
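As an added example (not from the original post), the following Python script does what the netstat/awk one-liner in step (1) does, but by parsing the /proc/net/tcp table that netstat itself reads, and then checks the TIME_WAIT count against the tcp_max_tw_buckets limit and the ip_local_port_range warning from step (3); the sample table is constructed, not captured from a real host.

```python
"""Count TCP socket states like the page's netstat/awk one-liner, but by
parsing the /proc/net/tcp table that netstat itself reads, and check the
result against the tcp_max_tw_buckets and port-range settings above."""
from collections import Counter

# Socket state codes as they appear in the "st" column of /proc/net/tcp
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

def count_states(proc_net_tcp_text):
    """Return {state_name: count} for a /proc/net/tcp (or tcp6) dump."""
    counts = Counter()
    for line in proc_net_tcp_text.splitlines()[1:]:  # line 0 is the header
        fields = line.split()
        if len(fields) < 4:
            continue
        counts[TCP_STATES.get(fields[3], "UNKNOWN")] += 1
    return dict(counts)

def time_wait_pressure(counts, tcp_max_tw_buckets):
    """Fraction of the TIME_WAIT budget in use. At 1.0 or more the kernel
    destroys new TIME_WAIT sockets immediately and logs a warning."""
    return counts.get("TIME_WAIT", 0) / tcp_max_tw_buckets

def port_range_ok(low, high):
    """The page warns not to set the low end of ip_local_port_range too low:
    ports below 1024 are reserved for services, so keep the range above them."""
    return 1024 <= low < high <= 65535

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# one listener on port 80, one established client, three sockets in TIME_WAIT
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0050 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:0050 0100007F:C351 06 00000000:00000000 03:00000A8C 00000000     0        0 0 3 0000000000000000
   3: 0100007F:0050 0100007F:C352 06 00000000:00000000 03:00000A8C 00000000     0        0 0 3 0000000000000000
   4: 0100007F:0050 0100007F:C353 06 00000000:00000000 03:00000A8C 00000000     0        0 0 3 0000000000000000
"""

if __name__ == "__main__":
    states = count_states(SAMPLE)
    print(states)  # {'LISTEN': 1, 'ESTABLISHED': 1, 'TIME_WAIT': 3}
    print("TIME_WAIT budget used:", time_wait_pressure(states, 5000))
    print("port range 10000-65000 ok:", port_range_ok(10000, 65000))
```

On a live host, replace SAMPLE with the contents of /proc/net/tcp and /proc/net/tcp6 and feed the current value of net.ipv4.tcp_max_tw_buckets to time_wait_pressure.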