How does nginx handle excessive TIME_WAIT?

On a TCP server with high concurrency and short-lived connections, the server actively closes each connection as soon as it has finished processing the request. In this scenario, a large number of sockets will sit in the TIME_WAIT state. If client concurrency stays high, some clients will fail to connect.

First, check the state and number of TCP connections:

#netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

or

#netstat -ant|awk '/^tcp/ {++S[$NF]} END {for(a in S) print (a,S[a])}'
#netstat -n | awk '/^tcp/ {++state[$NF]} END {for(key in state) print key,"\t",state[key]}'

If the SYN count is high, go on to trace which IPs are sending the SYNs:

netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | more

When there are many TIME_WAIT sockets, the problem can be alleviated by tuning Linux kernel parameters.
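
The two checks above, the per-state tally and the SYN source breakdown, written as shell functions; this is an added example, not code from the original post. The netstat lines are constructed sample data using documentation address ranges, and the function names are hypothetical. It matches SYN_RECV only (the `grep SYN` above also matches SYN_SENT) and strips the port at the last colon, so IPv6 peers are not cut down to their first group as they are with `awk -F:`.

```shell
#!/bin/sh
# Constructed sample in `netstat -ant` format (documentation IP ranges), not captured data.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40022       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.20:40100      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.21:40101      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.22:40102      ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::99:50000      SYN_RECV
EOF
}

# state_count STATE: number of tcp/tcp6 sockets in STATE, read from stdin.
state_count() {
    awk -v want="$1" '/^tcp/ && $NF == want {n++} END {print n+0}'
}

# syn_sources: "count ip" per remote address in SYN_RECV, busiest first.
# The port is removed at the LAST colon so IPv6 addresses stay intact.
syn_sources() {
    awk '/^tcp/ && $NF == "SYN_RECV" {ip = $5; sub(/:[^:]*$/, "", ip); c[ip]++}
         END {for (ip in c) print c[ip], ip}' | sort -k1,1nr -k2,2
}

# syn_offenders LIMIT: remote addresses holding more than LIMIT half-open connections.
syn_offenders() {
    syn_sources | awk -v limit="$1" '$1 > limit {print $2}'
}

# Demo on the constructed sample; on a live host use: netstat -ant | syn_sources
sample_netstat | syn_sources
```

A single address holding many SYN_RECV entries points at a SYN flood or a broken client rather than ordinary TIME_WAIT build-up, which is the case the `tcp_syncookies` setting addresses.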

Solution:

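Edit the kernel parameter file /etc/sysctl.conf and add the following:

# When the SYN wait queue overflows, use SYN cookies to handle it; protects against small-scale SYN attacks
net.ipv4.tcp_syncookies = 1
# Allow TIME_WAIT sockets to be reused for new TCP connections
net.ipv4.tcp_tw_reuse = 1
# Speed up recycling of TIME_WAIT sockets (removed in Linux 4.12; drops connections from clients behind NAT)
net.ipv4.tcp_tw_recycle = 1
# Change the default timeout (default value 60s)
net.ipv4.tcp_fin_timeout = 30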

Creator: Wu Zaishan
Everyone is welcome to use this as a reference, and to ask questions or offer different opinions.
Original work; please credit the source when reprinting!

Origin blog.csdn.net/Zisson_no_error/article/details/119796644