經常檢查apache的串連數,會發現很多無用的time_wait串連。有人說這是正常的,是因為一個請求中途中斷造成的;還有人說微軟的IE串連時產生的Time_wait會比用Firefox串連時多。個人認為有一定的Time_wait是正常的,如果超過了串連數的比例就不是很正常,所以還是找來方法解決一下。
先檢查一下time wait的值:
[root@aaa1 ~]#sysctl -a | grep time | grep wait
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
這裡解決問題的關鍵是如何能夠重複利用time_wait的值,檢查net.ipv4.tcp_tw當前值:
[root@aaa1 ~]# sysctl -a|grep net.ipv4.tcp_tw
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_tw_recycle = 0
增加或修改net.ipv4.tcp_tw值,將當前的值更改為1分鐘(reuse是表示是否允許重新應用處於TIME-WAIT狀態的socket用於新的TCP串連; recycle是加速TIME-WAIT sockets回收):
[root@aaa1 ~]# vi /etc/sysctl.conf
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
使核心參數生效:
[root@aaa1 ~]# sysctl -p
用netstat再觀察時會發現已經恢複正常。
結合DDOS和TIME_WAIT過多,建議增加如下參數設定:
# Use TCP syncookies when needed
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries=3
net.ipv4.tcp_syn_retries=3
net.ipv4.tcp_max_syn_backlog=2048
# Enable TCP window scaling
net.ipv4.tcp_window_scaling: = 1
# Increase TCP max buffer size
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# Increase Linux autotuning TCP buffer limits
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# Increase number of ports available
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000
附:查看當前的串連數狀況
netstat -nat|awk '{print awk $NF}'|sort|uniq -c|sort -n
1 established
1 State
2 LAST_ACK
4 CLOSING
4 FIN_WAIT2
9 LISTEN
17 FIN_WAIT1
18 SYN_RECV
27 ESTABLISHED
811 TIME_WAIT
上面的命令可以協助分析哪種tcp狀態數量異常。其中的SYN_RECV表示正在等待處理的請求數;ESTABLISHED表示正常資料轉送狀態;TIME_WAIT表示處理完畢,等待逾時結束的請求數。
附:查看IP串連數狀況
netstat -nat|grep ":80"|awk '{print $5}' |awk -F: '{print $1}' | sort| uniq -c|sort -n
發現異常的,可以封了這個IP
山風附註:WINDOWS下應該也有這些設定,只不過可能沒有現成的工具,要通過註冊表什麼的吧,有誰知道具體怎麼調呢。
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
