Article Title: There are too many TIME_WAIT connections in Linux
When checking the number of Apache connections, I often find a large number of useless TIME_WAIT connections. Some say this is normal, because requests get interrupted midway; others say that Microsoft IE connections generate more TIME_WAIT than Firefox connections. Personally I think a certain amount of TIME_WAIT is normal, but when it makes up too large a share of the connections something is wrong, so I looked for a solution.
First, check the TIME_WAIT related values:
[root@aaa1 ~]# sysctl -a | grep time | grep wait
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
The key to solving the problem is whether TIME_WAIT sockets can be reused. Check the current net.ipv4.tcp_tw_* values:
[root@aaa1 ~]# sysctl -a | grep net.ipv4.tcp_tw
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_tw_recycle = 0
Add or modify the net.ipv4.tcp_tw_* values, setting both to 1 (tcp_tw_reuse controls whether a socket in TIME_WAIT state may be reused for a new TCP connection; tcp_tw_recycle speeds up the recycling of TIME_WAIT sockets):
[root@aaa1 ~]# vi /etc/sysctl.conf
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
Make the kernel parameters take effect:
[root@aaa1 ~]# sysctl -p
Observing again with netstat, you will find the counts have returned to normal.
When dealing with DDoS together with TIME_WAIT, we recommend adding the following parameter settings as well:
# Use TCP syncookies when needed
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_max_syn_backlog = 2048
# Enable TCP window scaling
net.ipv4.tcp_window_scaling = 1
# Increase TCP max buffer size
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# Increase Linux autotuning TCP buffer limits
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# Increase number of ports available
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000
Appendix: view the current connection count by state
netstat -nat | awk '{print $NF}' | sort | uniq -c | sort -n
1 established
1 State
2 LAST_ACK
4 CLOSING
4 FIN_WAIT2
9 LISTEN
17 FIN_WAIT1
18 SYN_RECV
27 ESTABLISHED
811 TIME_WAIT
The preceding command helps identify which TCP state has an abnormal count. SYN_RECV is the number of requests waiting to be processed, ESTABLISHED is the normal data transfer state, and TIME_WAIT is the number of connections waiting to time out.
Appendix: view the connection count per IP address
netstat -nat | grep ':80' | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n
If an anomalous count appears, you can block that IP address.
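The two appendix pipelines above, done in one place as an added example that is not part of the original article: it parses constructed `netstat -nat` output, skips the header lines that show up as "State" and "established" in the awk '{print $NF}' count, splits addresses on the last colon so IPv6 and IPv4-mapped addresses are not mangled the way awk -F: mangles them, and flags when TIME_WAIT dominates the non-listening sockets. The 50% alarm threshold and the sample addresses are assumptions.

```python
from collections import Counter

# Constructed sample of `netstat -nat` output (not captured from a real host);
# the two header lines are what produce the bogus "State" / "established" rows
# in a naive awk '{print $NF}' count.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             198.51.100.7:51234      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:51235      TIME_WAIT
tcp        0      0 10.0.0.5:80             198.51.100.7:51236      TIME_WAIT
tcp        0      0 10.0.0.5:80             203.0.113.9:40001       TIME_WAIT
tcp        0      0 10.0.0.5:22             203.0.113.9:40002       ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::ffff:10.0.0.5:80      ::ffff:198.51.100.7:51237 TIME_WAIT
"""

def split_host_port(addr):
    """Split on the last colon so IPv6 addresses survive; fold IPv4-mapped
    IPv6 (::ffff:a.b.c.d) back to a.b.c.d so one client is counted once."""
    host, _, port = addr.rpartition(":")
    if host.startswith("::ffff:"):
        host = host[len("::ffff:"):]
    return host, port

def parse_netstat(text):
    """Yield (local_port, remote_host, state) for tcp/tcp6 rows only."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header lines and anything else
        _, lport = split_host_port(fields[3])
        rhost, _ = split_host_port(fields[4])
        yield lport, rhost, fields[5]

def state_counts(text):
    return Counter(state for _, _, state in parse_netstat(text))

def time_wait_share(text, threshold=0.5):
    """TIME_WAIT as a fraction of non-listening sockets, plus an alarm flag."""
    counts = state_counts(text)
    total = sum(n for s, n in counts.items() if s != "LISTEN")
    share = counts["TIME_WAIT"] / total if total else 0.0
    return share, share > threshold

def clients_by_port(text, port="80"):
    """Connections per remote host to a local port, LISTEN sockets excluded."""
    return Counter(rhost for lport, rhost, state in parse_netstat(text)
                   if lport == port and state != "LISTEN")
```

Feed it the real output with `netstat -nat | python3 script.py` style plumbing by replacing SAMPLE with `sys.stdin.read()`; the per-client counter then gives the same view as the second appendix command without the IPv6 breakage.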