linux内核参数处理time_wait
| TCP state | meaning | is a web server thread utilized? |
| LISTEN | no connection | no |
| SYN_RCVD | not ready to be processed | no |
| ESTABLISHED | ready for web server to accept and process requests, or already processing requests | yes, as soon as the web server realizes that connection is established; but if there aren't enough configured web server threads (e.g., MaxClients is too small), the connection may stall until a thread becomes ready |
| FIN_WAIT1 | web server has closed the socket; the connection remains in this state until an ACK is received from the client. | A web server thread can be utilized for up to two seconds in this state if FIN is not received from the client, after which the web server gives up and the web server thread is no longer utilized. |
| CLOSE_WAIT | client has closed the socket, web server hasn't yet noticed | yes |
| LAST_ACK | client closed socket then web server closed socket | no |
| FIN_WAIT2 | web server closed the socket then client ACKed; the connection
remains in this state until a FIN is received from the client or an
OS-specific timeout occurs; see |
A web server thread can be utilized for up to two seconds in this state if FIN is not received from the client, after which the web server gives up and the web server thread is no longer utilized. |
| TIME_WAIT | waiting for 2*MSL timeout before allowing quad to be reused | no |
| CLOSING | web server and client closed at the same time | no |
/usr/lib/sysctl.d/00-system.conf
#对于一个新建连接,内核要发送多少个
SYN 连接请求才决定放弃,不应该大于255,默认值是5,对应于180秒左右时间
net.ipv4.tcp_syn_retries=2
net.ipv4.tcp_synack_retries=2
#当keepalive起用时,TCP发送keepalive消息的频度。缺省是2小时,改为20分钟
net.ipv4.tcp_keepalive_time=1200
#减少超时前的探测次数
net.ipv4.tcp_keepalive_probes=5
net.ipv4.tcp_orphan_retries=3
#如果套接字由本端要求关闭,这个参数决定了它保持在FIN-WAIT-2状态的时间
net.ipv4.tcp_fin_timeout=30
#表示SYN队列的长度,默认为1024,加大队列长度为8192,可以容纳更多等待连接的网络连接数。
net.ipv4.tcp_max_syn_backlog = 4096
#表示开启SYN
Cookies。当出现SYN等待队列溢出时,启用cookies来处理,可防范少量SYN攻击,默认为0,表示关闭
net.ipv4.tcp_syncookies
= 1
#表示开启重用。允许将TIME-WAIT
sockets重新用于新的TCP连接,默认为0,表示关闭
net.ipv4.tcp_tw_reuse = 1
#表示开启TCP连接中TIME-WAIT
sockets的快速回收,默认为0,表示关闭
net.ipv4.tcp_tw_recycle
= 1
#优化网络设备接收队列
net.core.netdev_max_backlog=3000
