First, see which IP addresses are connected to the machine
netstat -an
Second, check the TCP connections
1) Count the connections on port 80
netstat -nat | grep -i "80" | wc -l
2) Count the httpd processes
ps -ef | grep httpd | wc -l
3) Count the connections whose state is "established"
netstat -anp | grep ESTABLISHED | wc -l
4) Find out which IP addresses have the most connections, so that they can be blocked
netstat -anp | grep ESTABLISHED | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -rn
netstat -anp | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -rn
Example:
1. See Apache's current number of concurrent connections:
netstat -anp | grep ESTABLISHED | wc -l
Compare this figure with MaxClients in httpd.conf to see how large the gap is.
2. See how many processes there are:
ps aux | grep httpd | wc -l
3. The following commands can be used to view the data:
# ps -ef | grep httpd | wc -l
1388
This counts the httpd processes; each request starts one process. It applies to an Apache server.
The result means Apache is handling 1388 concurrent requests. Apache can adjust this value automatically according to load.
# netstat -ant | grep -i "80" | wc -l
4341
netstat -an prints the system's current network connection status, grep -i "80" extracts the connections related to port 80, and wc -l counts them. The number returned is the current total number of requests on all port 80 connections.
# netstat -anp | grep ESTABLISHED | wc -l
376
netstat -an prints the system's current network connection status, grep ESTABLISHED extracts the connections that have been established, and wc -l counts them. The number returned is the current total number of established connections on all port 80 connections.
netstat -ant | grep ESTABLISHED
This shows the detailed records of all established connections.
View Apache's concurrent TCP connection requests and their states:
# netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
TIME_WAIT 8947 (waiting long enough to be sure the remote TCP has received the acknowledgment of its connection termination request)
FIN_WAIT1 15 (waiting for a connection termination request from the remote TCP, or for the acknowledgment of a termination request sent earlier)
FIN_WAIT2 1 (waiting for a connection termination request from the remote TCP)
ESTABLISHED 55 (an open connection)
SYN_RECV 21 (a connection request has been received and sent; waiting for the acknowledgment of the connection request)
CLOSING 2 (waiting for the remote TCP to acknowledge the connection termination request)
LAST_ACK 4 (waiting for the acknowledgment of the connection termination request previously sent to the remote TCP)
TCP connection states explained
- LISTEN: listening for connection requests from remote TCP ports
- SYN-SENT: a connection request has been sent; waiting for a matching connection request
- SYN-RECEIVED: a connection request has been received and sent; waiting for the acknowledgment of the connection request
- ESTABLISHED: an open connection
- FIN-WAIT-1: waiting for a connection termination request from the remote TCP, or for the acknowledgment of a termination request sent earlier
- FIN-WAIT-2: waiting for a connection termination request from the remote TCP
- CLOSE-WAIT: waiting for a connection termination request from the local user
- CLOSING: waiting for the remote TCP to acknowledge the connection termination request
- LAST-ACK: waiting for the acknowledgment of the connection termination request previously sent to the remote TCP
- TIME-WAIT: waiting long enough to be sure the remote TCP has received the acknowledgment of its connection termination request
- CLOSED: no connection state
In practice:
- SYN_RECV represents requests that are waiting to be processed;
- ESTABLISHED represents normal data transmission;
- TIME_WAIT represents requests that have been processed and are waiting for the timeout to end.
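Added example, not part of the original article: the per-IP count and the per-state count from the sections above as shell functions that match the local port exactly (so 8080 is not counted as 80) and strip only the trailing port, so IPv6 and IPv4-mapped addresses survive where `awk -F:` would cut them apart. The function names, the threshold and the sample netstat output are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise `netstat -ant` output read from stdin.

# Constructed sample output using documentation address ranges, not a real capture.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40001       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40002       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40003       SYN_RECV
tcp        0      0 192.0.2.10:8080         198.51.100.8:51000      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40004 SYN_RECV
tcp6       0      0 2001:db8::10:80         2001:db8::99:51200      TIME_WAIT'

# conn_by_ip PORT STATE: connections to local PORT in STATE, counted per remote IP.
conn_by_ip() {
    awk -v port="$1" -v state="$2" '
        /^tcp/ && $6 == state {
            l = $4; sub(/^.*:/, "", l)       # local port = text after the last colon
            if (l != port) next
            r = $5; sub(/:[^:]*$/, "", r)    # drop the remote port only
            sub(/^::ffff:/, "", r)           # fold IPv4-mapped IPv6 into plain IPv4
            n[r]++
        }
        END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# state_counts PORT: connections on local PORT grouped by TCP state.
state_counts() {
    awk -v port="$1" '
        /^tcp/ { l = $4; sub(/^.*:/, "", l); if (l == port) s[$6]++ }
        END { for (st in s) print st, s[st] }' | sort
}

# over_limit PORT STATE LIMIT: remote IPs with more than LIMIT matching connections.
over_limit() {
    conn_by_ip "$1" "$2" | awk -v lim="$3" '$1 > lim { print $2 }'
}

printf '%s\n' "$SAMPLE" | state_counts 80
printf '%s\n' "$SAMPLE" | conn_by_ip 80 SYN_RECV
```

On a live host, feed the functions real data with `netstat -ant | over_limit 80 SYN_RECV 3`.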
4. If you find that the system has a large number of connections in the TIME_WAIT state, this can be solved by adjusting kernel parameters
vim /etc/sysctl.conf
Edit the file, add the following:
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
Then run
/sbin/sysctl -p
for the settings to take effect.
Meaning of these parameters for the TIME_WAIT state:
- net.ipv4.tcp_syncookies = 1 turns on SYN cookies. When the SYN queue overflows, cookies are used to handle the requests, which can defend against a small SYN attack. The default is 0, meaning off;
- net.ipv4.tcp_tw_reuse = 1 turns on reuse, allowing TIME-WAIT sockets to be reused for new TCP connections. The default is 0, meaning off;
- net.ipv4.tcp_tw_recycle = 1 turns on fast recycling of TIME-WAIT sockets. The default is 0, meaning off.
- net.ipv4.tcp_fin_timeout changes the system's default timeout.
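Added example, not part of the original article: a check that each setting written to /etc/sysctl.conf exists on the running kernel and holds the wanted value. This matters here because net.ipv4.tcp_tw_recycle was removed in Linux 4.12, so on newer kernels `sysctl -p` cannot apply that line. The names `check_sysctls`, `make_sample_tree` and `ARTICLE_SETTINGS` and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare sysctl.conf-style settings (stdin) with the running kernel.
# check_sysctls [ROOT]: ROOT defaults to /proc/sys; passing another directory
# lets the function be tried against a constructed tree.
check_sysctls() {
    root=${1:-/proc/sys}
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' |      # drop comments and blank lines
    while IFS='=' read -r key val; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        val=$(printf '%s' "$val" | tr -d '[:space:]')
        path=$root/$(printf '%s' "$key" | tr . /)  # net.ipv4.x -> net/ipv4/x
        if [ ! -r "$path" ]; then
            echo "MISSING $key"                    # key unknown to this kernel
        else
            have=$(tr -d '[:space:]' < "$path")
            if [ "$have" = "$val" ]; then
                echo "OK $key=$val"
            else
                echo "DIFF $key want=$val have=$have"
            fi
        fi
    done
}

# The four settings from the article.
ARTICLE_SETTINGS='net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30'

# make_sample_tree DIR: constructed stand-in for /proc/sys on a kernel
# that no longer has tcp_tw_recycle and has not had the settings applied.
make_sample_tree() {
    mkdir -p "$1/net/ipv4"
    echo 1  > "$1/net/ipv4/tcp_syncookies"
    echo 2  > "$1/net/ipv4/tcp_tw_reuse"
    echo 60 > "$1/net/ipv4/tcp_fin_timeout"
}

# Demonstration on the constructed tree.
demo_dir=$(mktemp -d) && make_sample_tree "$demo_dir"
printf '%s\n' "$ARTICLE_SETTINGS" | check_sysctls "$demo_dir"
rm -rf "$demo_dir"
```

On a live host, run `check_sysctls < /etc/sysctl.conf` after `/sbin/sysctl -p`.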
5. After a client and a server have established a TCP/IP connection and the socket is closed, the server-side port of the connection is in the TIME_WAIT state. Does every socket that performs the active close enter TIME_WAIT? Is there any case in which the actively closing socket goes directly into the CLOSED state?
After sending the last ACK, the side that closes actively enters the TIME_WAIT state and stays there for 2MSL (maximum segment lifetime). This is essential to TCP/IP, so it cannot be "solved": the designers of TCP/IP intended it to work this way.
There are two main reasons:
- 1. To prevent packets of the previous connection that were lost and reappear later from affecting a new connection (after 2MSL, all duplicate packets of the previous connection will have disappeared).
- 2. To close the TCP connection reliably. The last ACK (of the FIN) sent by the actively closing side may be lost, in which case the passive side resends its FIN. If the active side were in the CLOSED state at that point, it would respond with RST instead of ACK. The active side must therefore be in TIME_WAIT, not CLOSED. TIME_WAIT does not occupy many resources unless the server is under attack. Also, if a party's send or recv times out, it goes directly to the CLOSED state.
6. How do you set the maximum number of connections of Apache httpd?
I have a site on hand whose number of online visitors keeps growing, and access has become very slow. My first guess was a lack of server resources, but after repeated tests I found that once connected, clicking different links on the same page opened them quickly. The explanation for this is that Apache's maximum number of connections is full: new visitors have to wait in line for a free connection, whereas a connection that is already established does not have to be reopened within the keepalive time (KeepAliveTimeout, default 5 seconds). So the solution is to increase Apache's maximum number of connections.
1. Where is it set?
With apache 2.24 in its default configuration (the FreeBSD default configuration does not load the custom MPM configuration), the default maximum number of connections is 250.
Load the MPM configuration in /usr/local/etc/apache22/httpd.conf (remove the comment mark at the front):
# Server-pool management (MPM specific)
Include etc/apache22/extra/httpd-mpm.conf
The MPM configuration itself is in /usr/local/etc/apache22/extra/httpd-mpm.conf, but it is split into many sections depending on httpd's working mode. Which one is the current httpd working mode? You can check by running apachectl -l:
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c
Seeing prefork here means the current httpd is working in prefork mode. The default configuration for prefork mode is:
<IfModule mpm_prefork_module>
    StartServers          5
    MinSpareServers       5
    MaxSpareServers      10
    MaxClients          150
    MaxRequestsPerChild   0
</IfModule>
2. How much should it be increased?
In theory, the more connections supported the better, but the number has to stay within the capacity of the server, which depends on the server's CPU, memory, bandwidth and so on.
View the current number of connections:
ps aux | grep httpd | wc -l
or:
pgrep httpd|wc -l
Calculate the average memory used by an httpd process:
ps aux | grep -v grep | awk '/httpd/ {sum += $6; n++}; END {print sum / n}'
Because the pages are basically static, CPU consumption is very low and per-process memory is not much, about 200K.
The server has 2G of memory. The services that are normally running take about 500M (a conservative estimate), which leaves 1.5G available, so in theory it can support 1.5 * 1024 * 1024 * 1024 / 200000 = 8053.06368
That is about 8K processes, which should have no problem supporting 20,000 people accessing at the same time (8K of them are guaranteed quick access; the others may need to wait 1 or 2 seconds to connect, and once connected everything is very smooth).
MaxClients controls the maximum number of connections. You can try a configuration like this:
<IfModule mpm_prefork_module>
    StartServers            5
    MinSpareServers         5
    MaxSpareServers        10
    ServerLimit          5500
    MaxClients           5000
    MaxRequestsPerChild   100
</IfModule>
Note: the default maximum of MaxClients is 250. To exceed this value you must set ServerLimit explicitly, ServerLimit must be placed before MaxClients, and its value must not be less than MaxClients; otherwise a warning is shown when httpd restarts.
After restarting httpd, run pgrep httpd | wc -l repeatedly to observe the number of connections. You can see that the number stops increasing once it reaches the MaxClients value, yet access to the site is now very smooth. Do not be greedy and set an even higher value, or a sudden increase in traffic could exhaust the server's memory. Adjust the value gradually according to the trend of access pressure and memory usage until you find an optimal setting.
(MaxRequestsPerChild should not be set to 0, because a memory leak could then cause the server to crash.)
A better formula for the maximum:
apache_max_process_with_good_performance < (total_hardware_memory / apache_memory_per_process) * 2
apache_max_process = apache_max_process_with_good_performance * 1.5
7. Monitor httpd connections in real time:
watch -n 1 -d "pgrep httpd|wc -l"
Article from: https://blog.csdn.net/he_jian1/article/details/40787269