A detailed look at excessive TIME_WAIT causing 502 request errors

Recently, requests in production occasionally failed with 502: calls from service A to service B sometimes returned a 502 error, at a relatively low frequency. Investigation traced the problem to an excessive number of connections in the TIME_WAIT state.

What is TIME_WAIT?

 
[Figure: closing a TCP connection]

TIME_WAIT: when a TCP connection is closed, the side that initiated the close receives the FIN packet from the other side and sends an ACK packet, then enters the TIME_WAIT state. After 2MSL it moves to the CLOSED state.

What is the role of TIME_WAIT?

(1) Terminating the connection reliably. In the four-way handshake that closes a connection, the final ACK is sent by the end that performs the active close. If this final ACK is lost, the server retransmits its FIN, so the client must keep state information that allows it to retransmit the final ACK. If it did not keep this state, the client would respond with an RST segment, which the server interprets as an error (in Java, a SocketException with "connection reset" is thrown). Thus, for TCP to terminate a full-duplex connection cleanly, it must handle the loss of any of the four segments in the termination sequence, and the client that performs the active close must keep state by entering the TIME_WAIT state.
(2) Allowing old duplicate segments to expire in the network.
A TCP segment may be "lost" because of a router anomaly. The sending TCP times out waiting for the acknowledgment and retransmits the segment, and after the router is repaired the stray segment is delivered to its final destination. That original segment is called a lost duplicate. If, after a TCP connection is closed, a new TCP connection is immediately established between the same IP addresses and ports, the later connection is called an incarnation of the earlier one. A lost duplicate from the earlier connection could then arrive after that connection has terminated and be misinterpreted as belonging to the new incarnation. To avoid this, TCP does not allow a new incarnation of a connection that is in the TIME_WAIT state. Because TIME_WAIT lasts for 2MSL, this ensures that by the time a new TCP connection is successfully established, duplicate packets from previous incarnations of the connection have disappeared from the network.

How to solve the problem of too many TIME_WAIT connections?

Consider the case of a single client and a single web server. A TCP connection is identified by four values,
<source IP address, source port, destination IP address, destination port>, of which three are fixed; only the source port number can vary.
Every time the client makes a request to the server, it obtains a new source port to guarantee that the connection is unique. However, the number of ports is limited (say, only 6000), and a port cannot be reused within 2MSL (equal to 120 seconds). Therefore, the maximum number of concurrent connections is 6000/120 = 500 per second.
Therefore, solutions to the problem fall into three types:

1: Make ports reusable

2: Reduce the TIME_WAIT waiting time

3: Use a load-balancing strategy to increase the number of available ports

If the system is found to have a large number of connections in the TIME_WAIT state, this can be addressed by adjusting kernel parameters.
Edit the file /etc/sysctl.conf and add the following:

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.ip_local_port_range = 1024 65000

Then run /sbin/sysctl -p to make the settings take effect.

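net.ipv4.tcp_syncookies = 1 enables SYN cookies. When the SYN wait queue overflows, cookies are used to handle it, which protects against a small number of SYN attacks. The default is 0 (disabled);
net.ipv4.tcp_tw_reuse = 1 enables reuse, allowing TIME-WAIT sockets to be reused for new TCP connections. The default is 0 (disabled);
net.ipv4.tcp_tw_recycle = 1 enables fast recycling of TIME-WAIT sockets in TCP connections. The default is 0 (disabled). Note that this parameter was removed in Linux 4.12 and is known to break connections from clients behind NAT.
net.ipv4.tcp_fin_timeout changes the system's default TIMEOUT value.
net.ipv4.ip_local_port_range = 1024 65000 sets the port range used for outgoing connections.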
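
An added example, not part of the original article: before changing kernel parameters, it helps to confirm that TIME_WAIT sockets are what is consuming source ports toward one destination, following the four-tuple reasoning above. This Python code parses text in /proc/net/tcp layout; the sample table, the 100-port range and the function names are constructed for illustration, and an IPv4, little-endian host is assumed.

```python
import socket
import struct
from collections import Counter

TIME_WAIT = 0x06  # "st" column value for TIME_WAIT in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000
   1: 0500000A:8002 0900000A:1F90 06 00000000:00000000
   2: 0500000A:8003 0900000A:1F90 06 00000000:00000000
   3: 0500000A:8004 0900000A:1F90 01 00000000:00000000
   4: 0500000A:8005 0A00000A:01BB 06 00000000:00000000
   5: 0500000A:1F90 0B00000A:C350 06 00000000:00000000
"""


def endpoint(field):
    """Decode 'HEXIP:HEXPORT' (IPv4, little-endian host assumed)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def time_wait_by_destination(table, port_range):
    """Count TIME_WAIT sockets holding an ephemeral source port, per destination."""
    low, high = port_range
    counts = Counter()
    for line in table.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TIME_WAIT:
            continue
        _, local_port = endpoint(cols[1])
        if low <= local_port <= high:            # heuristic: outbound side only
            counts[endpoint(cols[2])] += 1
    return counts


def port_pressure(table, port_range):
    """Fraction of the ephemeral range tied up in TIME_WAIT, per destination."""
    usable = port_range[1] - port_range[0] + 1
    counts = time_wait_by_destination(table, port_range)
    return {dst: n / usable for dst, n in counts.items()}


if __name__ == "__main__":
    rng = (32768, 32867)  # constructed 100-port range to keep the numbers readable
    for dst, share in port_pressure(SAMPLE, rng).items():
        print(f"{dst[0]}:{dst[1]} holds {share:.0%} of source ports in TIME_WAIT")
```

With a wide range such as 1024 to 65000, a local service port like 8080 also falls inside the range, so row 5 of the sample (a server-side TIME_WAIT socket) would be counted as well.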


Author: jiang_liu
Link: https://www.jianshu.com/p/102fdb8cccb7
Source: Jianshu
Copyright belongs to the author. For commercial reprints, please contact the author for authorization; for non-commercial reprints, please credit the source.


Origin www.cnblogs.com/gao88/p/12129443.html