View the number of concurrent requests and their TCP connection status

Server statistics:

1) count the number of connections on port 80
Netstat-Nat | grep-I "80" | WC-l

2) count the number of httpd connections
PS-Ef | grep httpd | WC-l

3) collect statistics on connected instances in the "established" status
Netstat-Na | grep established | WC-l

4) Find out which IP Address has the most connections and seal it.
Netstat-Na | grep established | awk {print $5} | awk-F: {print $1} | sort | uniq-c | sort-R + 0n

Netstat-Na | grep SYN | awk {print $5} | awk-F: {print $1} | sort | uniq-c | sort-R + 0n

Bytes ---------------------------------------------------------------------------------------------

1. Check the current number of concurrent workers of Apache:
Netstat-an | grep established | WC-l

Compare the Number Difference of maxclients in httpd. conf.

2. Check the number of processes:
PS aux | grep httpd | WC-l

3. You can use the following parameters to view data:
Server-Status? Auto

# Ps-Ef | grep httpd | WC-l
1388
Count the number of httpd processes. A single request starts a process and is used on the Apache server.
This indicates that Apache can process 1388 concurrent requests. Apache can automatically adjust this value based on the load.

# Netstat-Nat | grep-I "80" | WC-l
4341
Netstat-An prints the current network connection status of the system, while grep-I "80" is used to extract connections related to port 80. WC-L is used to calculate the number of connections.
The final number returned is the total number of requests on all port 80.

# Netstat-Na | grep established | WC-l
376
Netstat-An prints the current network connection status of the system, and grep established extracts information about the established connection. Then WC-l statistics.
The number returned is the total number of established connections on all port 80.

Netstat-Nat | grep established | WC-allows you to view detailed records of all established connections.

View the number of concurrent Apache requests and their TCP connection status:
Linux Command:
Netstat-N | awk '/^ TCP/{++ s [$ NF]} end {for (a in S) print a, s [a]}'

(This statement was obtained from Wang dawang, Technical Director of Sina interaction community division, Sina interaction community division. It is very good.) return result example:
Last_ack 5
Syn_recv 30
Established 1597
Fin_wait1 51
Fin_wait2 504
Time_wait 1057
The
Syn_recv indicates the number of requests waiting for processing;
Established indicates the normal data transmission status;
Time_wait indicates the number of requests that have been processed and wait for the timeout to end.

Bytes ---------------------------------------------------------------------------------------------

View the number of Apache concurrent requests and their TCP connection status

View the number of httpd processes (that is, the number of concurrent requests that Apache can process in prefork mode ):
Linux Command:

PS-Ef | grep httpd | WC-l

Sample returned results:
1388
It indicates that Apache can process 1388 concurrent requests. Apache can automatically adjust this value based on the load. The peak value of each server in my group has reached 2002.

View the number of concurrent Apache requests and their TCP connection status:
Linux Command:

Netstat-N | awk '/^ TCP/{++ s [$ NF]} end {for (a in S) print a, s [a]}'
Sample returned results:
Last_ack 5
Syn_recv 30
Established 1597
Fin_wait1 51
Fin_wait2 504
Time_wait 1057
Syn_recv indicates the number of requests waiting for processing, established indicates the normal data transmission status, and time_wait indicates the number of requests waiting for timeout.
Status: Description

Closed: No connection is active or in progress

Listen: the server is waiting for incoming call

Syn_recv: a connection request has arrived, waiting for confirmation

Syn_sent: The application has started. Open a connection.

Established: normal data transmission status

Fin_wait1: The application says it has been completed

Fin_wait2: the other side has agreed to release

Itmed_wait: wait until all groups die

Closing: both sides attempt to close at the same time

Time_wait: the other side has initialized a release.

Last_ack: waiting for all groups to die

If you find that the system has a large number of connections in the time_wait status, you can adjust the kernel parameters,
Vim/etc/sysctl. conf
Edit the file and add the following content:
Net. ipv4.tcp _ syncookies = 1
Net. ipv4.tcp _ tw_reuse = 1
Net. ipv4.tcp _ tw_recycle = 1
Net. ipv4.tcp _ fin_timeout = 30
Then run/sbin/sysctl-P to make the parameter take effect.

Net. ipv4.tcp _ syncookies = 1 indicates enabling syn cookies. When a SYN wait queue overflows, cookies are enabled to prevent a small number of SYN attacks. The default value is 0, indicating that the process is disabled;
Net. ipv4.tcp _ tw_reuse = 1 indicates enabling reuse. Allow time-Wait sockets to be re-used for a New TCP connection. The default value is 0, indicating that the TCP connection is disabled;
Net. ipv4.tcp _ tw_recycle = 1 indicates to enable quick recovery of Time-Wait sockets in TCP connections. The default value is 0, indicating to disable it.
Net. ipv4.tcp _ fin_timeout: Modify the default timeout time of the system.

The meanings of the time_wait status are attached below:

The port connected to the server after the client establishes a TCP/IP connection with the server and closes the socket
Status: time_wait

Is it true that all sockets that execute active shutdown will enter the time_wait status?
Is there any situation in which the socket that is automatically closed directly enters the closed state?

After the last Ack is sent
It will enter the time_wait status and stay in the 2msl (max segment lifetime) Time
This is essential for TCP/IP, that is, it cannot be solved.

That is, the TCP/IP designer was designed like this.
There are two main reasons:
1. Prevent the package in the last connection from appearing again after getting lost, affecting the New Connection
(After 2msl, all repeated packets in the last connection will disappear)
2. Close TCP connection reliably
The last ack (FIN) sent by the active shutdown party may be lost, and the passive party will resend the ACK (FIN ).
Fin. If the active Party is in the closed state, it will respond to the RST instead of ack. So
The active party must be in the time_wait state, not the closed state.

Time_wait does not occupy a large amount of resources unless it is attacked.

Also, if one side sends or Recv timeout, it will directly enter the closed status

How can I reasonably set the maximum number of connections for Apache httpd?

The number of online users of a website increases, and the access time is slow. It is initially considered that the server resources are insufficient, but after repeated tests, Once connected, you can quickly open it by constantly clicking different links on the same page, this phenomenon means that the maximum number of connections in Apache is full, and new visitors can only wait in queue for idle connections. If the connection is established, the default value is 5 seconds). You do not need to re-open the connection. Therefore, the solution is to increase the maximum number of connections of Apache.

1. Where can I set it?
Apache 2.24, with the default configuration (FreeBSD does not load the custom MPM configuration by default), the default maximum number of connections is 250

Load the MPM configuration in/usr/local/etc/apache22/httpd. conf (remove the preceding notes ):
# Server-pool management (MPM specific)
Include ETC/apache22/extra/httpd-mpm.conf

Visible MPM configuration in/usr/local/etc/apache22/extra/httpd-mpm.conf, but according to the httpd working mode divided a lot, which is the current httpd working mode? You can run apachectl-L to view the details:
Compiled in modules:
Core. c
Prefork. c
Http_core.c
Mod_so.c

The prefork word is displayed, so the current httpd should work in the prefork mode. The default configuration of the prefork mode is:
<Ifmodule mpm_prefork_module>
Startservers 5
Minspareservers 5
Maxspareservers 10
Maxclients 150
Maxrequestsperchild 0
</Ifmodule>

2. How much does it add?

Theoretically, the larger the number of connections is, the better, but it must be within the capacity range of the server. This is related to the CPU, memory, bandwidth, and so on of the server.

You can view the current number of connections:
PS aux | grep httpd | WC-l

Or:
Pgrep httpd | WC-l

Calculate the average memory usage of httpd:
PS aux | grep-V grep | awk '/httpd/{sum + = $6; n ++}; end {print sum/n }'

Because the pages are basically static pages, CPU consumption is very low, and the memory occupied by each process is not much, about 200 K.

The server memory is 2 GB, which requires about 500 mb (conservatively estimated) except for the services started normally. The remaining 1.5 GB is available, so theoretically it can support 1024*1024*1024/200000*8053.06368 =.

There are about 8 K processes, and it should be no problem to Support 2 W simultaneous access (8 K of them can be accessed quickly, and other processes may need to wait 1 or 2 seconds to connect, and it will be smooth once connected)

To control the maxclients of the maximum number of connections, you can configure it as follows:
<Ifmodule mpm_prefork_module>
Startservers 5
Minspareservers 5
Maxspareservers 10
Serverlimit 5500
Maxclients 5000
Maxrequestsperchild 100
</Ifmodule>

Note: The maximum value of maxclients is 250 by default. to exceed this value, you must explicitly set serverlimit, And put serverlimit before maxclients. The value must not be smaller than that of maxclients. Otherwise, a prompt will appear when you restart httpd.

After restarting httpd, run pgrep httpd | WC-l repeatedly to check the number of connections. You can see that the number of connections does not increase after the value of maxclients is reached, but the Website access is smooth at this time, you don't need to be greedy and set a higher value. Otherwise, the server memory will be consumed if the Website access suddenly increases. You can adjust the memory usage according to the future access pressure trend and memory usage changes, until an optimal setting value is found.

(Maxrequestsperchild cannot be set to 0, which may cause server crash due to memory leakage)

The formula for better maximum value calculation:

Apache_max_process_with_good_perfermance <(total_hardware_memory/apache_memory_per_process) * 2
Apache_max_process = apache_max_process_with_good_perfermance * 1.5

Appendix:

Number of httpd connections detected in Real Time:
Watch-N 1-d "pgrep httpd | WC-l"

Other references:

TCP port status description established, time_wait

Solve the problem of excessive TCP connections

TCP/IP, HTTP, socket, persistent connection, short connection

Socket persistent connection and transient connection, heartbeat

Configuration and Development of Linux applications supporting high-concurrency TCP connections

View the number of concurrent requests and their TCP connection status