In an HTTP application, a known problem arises when the server closes the connection for some reason, such as a keepalive timeout: as the side that actively closes, the server enters the FIN_WAIT2 state. The TCP/IP protocol stack, however, has no timeout for the FIN_WAIT2 state (unlike the TIME_WAIT state), so if the client never closes its side, the FIN_WAIT2 state persists until the system is rebooted, and an ever-growing number of FIN_WAIT2 sockets will cause the kernel to crash.
Workaround: modify the /etc/sysctl.conf file:
net.ipv4.tcp_syncookies = 1
Enables SYN cookies. When the SYN wait queue overflows, cookies are used to protect against a small number of SYN attacks. The default is 0, which means off.
net.ipv4.tcp_fin_timeout =
This parameter determines how long a socket is kept in the FIN_WAIT_2 state if it was closed by the local side.
net.ipv4.tcp_max_syn_backlog = 8192
Sets the length of the SYN queue. The default is 1024; raising it to 8192 lets the queue hold more network connections that are waiting to be established.
net.ipv4.tcp_max_tw_buckets = 5000
Sets the maximum number of TIME_WAIT sockets the system keeps at the same time. If this number is exceeded, TIME_WAIT sockets are cleared immediately and a warning message is printed. The default is 180000; here it is changed to 5000.
For Apache, Nginx and other servers, the parameters in the preceding lines are a good way to reduce the number of TIME_WAIT sockets, but for Squid, the effect is not small. This parameter controls the maximum number of TIME_WAIT sockets, preventing Squid servers from being dragged to death by a large number of TIME_WAIT sockets.
In the online test environment, the number of FIN_WAIT2 connections can be seen dropping off sharply.
According to the monitoring system, the business has not been affected. (last 10 minutes)
This article is from the "Professor" blog, please be sure to keep this source http://professor.blog.51cto.com/996189/1725386
Solve the problem of too many FIN_WAIT2 connections for Linux servers