linux服务器,发现大量TIME_WAIT
今天登陆linux服务器,发现大量TIME_WAIT
参考资料:http://coolnull.com/3605.html 酷喃|coolnull| » 大量TIME_WAIT解决办法
[root@webserver ~]# netstat -anltp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 127.0.0.1: 0.0.0.0:* LISTEN /php-fpm
tcp 0.0.0.0: 0.0.0.0:* LISTEN /nginx
tcp 0.0.0.0: 0.0.0.0:* LISTEN /nginx
tcp 0.0.0.0: 0.0.0.0:* LISTEN /sshd
tcp 0.0.0.0: 0.0.0.0:* LISTEN /nginx
tcp 127.0.0.1: 0.0.0.0:* LISTEN /master
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 127.0.0.1: 127.0.0.1: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 127.0.0.1: 127.0.0.1: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.253: TIME_WAIT -
tcp 127.0.0.1: 127.0.0.1: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.253: TIME_WAIT -
tcp 127.0.0.1: 127.0.0.1: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.253: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.253: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.253: TIME_WAIT -
tcp 192.168.1.80: 192.168.1.253: ESTABLISHED /sshd
tcp 192.168.1.80: 192.168.1.98: TIME_WAIT -
tcp 127.0.0.1: 127.0.0.1: TIME_WAIT -
tcp ::: :::* LISTEN /mysqld
tcp ::: :::* LISTEN /sshd
tcp ::: :::* LISTEN /master
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
tcp ::ffff:192.168.1.80: ::ffff:192.168.1.80: TIME_WAIT -
[root@webserver ~]#
解决:发现系统存在大量TIME_WAIT状态的连接,通过调整内核参数解决
# vi /etc/sysctl.conf //加入以下内容,net.ipv4.tcp_syncookies默认就有,不需要再添加
# Controls the use of TCP syncookies cat >>/etc/sysctl.conf<<"EOF"
net.ipv4.tcp_syncookies = # The TIME-WAIT sockets for new connections can be reused
net.ipv4.tcp_tw_reuse = # Enable fast recycling of TIME-WAIT sockets status
net.ipv4.tcp_tw_recycle = # Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout =
EOF #然后执行 /sbin/sysctl -p 让参数生效
/sbin/sysctl -p
修改之后,过一会再看发现大量的TIME_WAIT 已不存在.
以上只是暂时的解决方法
附录:
附录1.参数说明
net.ipv4.tcp_syncookies = 1 表示开启SYN Cookies。当出现SYN等待队列溢出时,启用cookies来处理可防范少量SYN攻击,默认为0表示关闭;
net.ipv4.tcp_tw_reuse = 1 表示开启重用。允许将TIME-WAIT sockets重新用于新的TCP连接,默认为0,表示关闭;
net.ipv4.tcp_tw_recycle = 1 表示开启TCP连接中TIME-WAIT sockets的快速回收,默认为0,表示关闭。
net.ipv4.tcp_fin_timeout = 30 修改系統默认的TIMEOUT时间,改为30s