TIME_WAIT and tcp_fin_timeout on Linux

When a Linux server has too many sockets in TIME_WAIT, the usual idea is
to adjust a parameter that shortens the TIME_WAIT duration and so reduces
their number, but Linux does not provide such an interface
unless the kernel is recompiled.

The default TIME_WAIT duration on Linux is generally 60 seconds; it
is defined in the include/net/tcp.h file of the kernel:

#define TCP_TIMEWAIT_LEN (60*HZ)
/* how long to wait to destroy TIME-WAIT state,
 * about 60 seconds
 */
#define TCP_FIN_TIMEOUT TCP_TIMEWAIT_LEN
/* BSD style FIN_WAIT2 deadlock breaker.
 * It used to be 3min, new value is 60sec,
 * to combine FIN-WAIT-2 timeout with
 * TIME-WAIT timer.
 */

Note that tcp_fin_timeout is not the TIME_WAIT duration:

# cat /proc/sys/net/ipv4/tcp_fin_timeout
60

tcp_fin_timeout is actually the duration of the FIN_WAIT_2 state. Linux does not provide an interface for modifying the TIME_WAIT duration; the only way to change it is to modify the macro definition and recompile the kernel.
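An added example (not from the original article or the kernel source): a Python script that counts sockets per state in /proc/net/tcp-format text, to show whether TIME_WAIT or FIN_WAIT2 is the state piling up and which of the two settings above bounds it. The function names, the GOVERNED_BY table, the constructed SAMPLE rows and the USER_HZ = 100 tick size are assumptions of this example.

```python
from collections import Counter
from pathlib import Path

# State codes from the kernel's include/net/tcp_states.h.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
    "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
    "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
    "0A": "LISTEN", "0B": "CLOSING", "0C": "NEW_SYN_RECV",
}
# Which setting bounds each state's lifetime, as described in the text above.
GOVERNED_BY = {
    "TIME_WAIT": "TCP_TIMEWAIT_LEN (compile-time macro)",
    "FIN_WAIT2": "net.ipv4.tcp_fin_timeout (sysctl)",
}
USER_HZ = 100  # assumption: the timer column counts 1/100 s ticks
# Constructed sample in /proc/net/tcp layout, not captured from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:0050 0A000015:C351 06 00000000:00000000 03:00001770 00000000     0        0 0 3 0000000000000000
   2: 0A00000A:0050 0A000016:C352 06 00000000:00000000 03:00000BB8 00000000     0        0 0 3 0000000000000000
   3: 0A00000A:0050 0A000017:C353 06 00000000:00000000 03:000003E8 00000000     0        0 0 3 0000000000000000
   4: 0A00000A:0050 0A000018:C354 05 00000000:00000000 03:000009C4 00000000     0        0 0 3 0000000000000000
"""

def summarize(text):
    """Return (per-state socket counts, per-state longest remaining timer in s)."""
    counts, longest = Counter(), {}
    for line in text.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        state = TCP_STATES.get(fields[3].upper(), "UNKNOWN")
        counts[state] += 1
        ticks = int(fields[5].split(":")[1], 16)  # "tr:tm->when", hex ticks
        longest[state] = max(longest.get(state, 0.0), ticks / USER_HZ)
    return counts, longest

def report(text):
    """One line per state whose timeout setting is discussed on this page."""
    counts, longest = summarize(text)
    return [f"{s}: {counts[s]} sockets, up to {longest.get(s, 0.0):.0f}s left, "
            f"bounded by {knob}" for s, knob in GOVERNED_BY.items()]

if __name__ == "__main__":
    live = Path("/proc/net/tcp")                  # IPv4 socket table on Linux
    data = live.read_text() if live.exists() else SAMPLE
    print("\n".join(report(data)))
```

On a Linux host the script reads the live IPv4 table; elsewhere it falls back to the constructed sample.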

Windows, by contrast, lets you control the TIME_WAIT duration by modifying the TcpTimedWaitDelay value in the registry.

RTO: Retransmission Timeout

TIME_WAIT is a common problem. Related settings (in /etc/sysctl.conf or under /proc/sys/net/ipv4):
1) net.ipv4.tcp_timestamps
   A value of 1 enables TCP timestamps, which are used to calculate the round-trip time RTT (Round-Trip Time) and to prevent sequence number wraparound
2) net.ipv4.tcp_tw_reuse
   A value of 1 allows TIME-WAIT sockets to be reused for new TCP connections
3) net.ipv4.tcp_tw_recycle
   A value of 1 enables fast recycling of TIME-WAIT sockets in TCP connections; in a NAT environment this may cause SYN packets to be dropped (reply to RST)
4) net.ipv4.tcp_fin_timeout
   FIN_WAIT_2 state timeout
5) net.ipv4.tcp_syncookies
   A value of 1 enables SYN cookies: when the SYN wait queue overflows, cookies are used to handle connections, which can defend against a small number of SYN attacks
) net.ipv4.ip_local_port_range
8) net.ipv4.tcp_max_syn_backlog
   The maximum backlog of the port is limited, to prevent the kernel from occupying too much memory
9) net.ipv4.tcp_syn_retries
   For a new connection, how many SYN connection requests the kernel sends before deciding to give up; should not be greater than 255
10) net.ipv4.tcp_retries1
   How many retries to make before giving up on responding to a TCP connection request. The RFC specifies that the minimum value is 3, which is also the default value
Try, the default value is 15
12) net.ipv4.tcp_synack_retries
   The number of retries in the SYN/ACK phase of the TCP three-way handshake, the default is 5
13) net.ipv4.tcp_max_orphans
   The maximum number of sockets that do not belong to any process (have been removed from the process context)
14) net.ipv4.tcp_orphan_retries
   The number of retries before orphan sockets are discarded, the default value is 7
15) net.ipv4.tcp_mem
   Memory the kernel allocates to TCP connections, in pages:
   the first number means that when the pages used by TCP are below this value, the kernel does not intervene,
   the second number means that when the pages used by TCP exceed this value, the kernel enters "memory pressure" mode,
   the third number means that when the pages used by TCP exceed this value, an "Out of socket memory" error is reported and TCP connections are rejected
16) net.ipv4.tcp_rmem
   The size of the read buffer memory allocated for each TCP connection, in bytes
17) net.ipv4.tcp_wmem
   The size of the write buffer memory allocated for each TCP connection, in bytes:
   the first number indicates the minimum memory allocated for a TCP connection,
   the second number indicates the default memory allocated for a TCP connection,
   the third number indicates the maximum memory allocated for a TCP connection (net.core.wmem_max can override this value)
18) net.ipv4.tcp_keepalive_time
   When keepalive is enabled, the frequency at which TCP sends keepalive messages, unit
19) net.ipv4.tcp_keepalive_intvl
   The interval at which keepalive probe packets are sent
20) net.ipv4.tcp_keepalive_probes
   If the other party does not respond, the number of times the probe packet is sent

can be determined by SO_LINGER control.
