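Avoid enabling
net.ipv4.tcp_tw_recycle
net.ipv4.tcp_tw_reuse
These two parameters cause problems for clients and servers in a NAT environment: packets get dropped.
(In Wireshark the TCP handshake stalls: after the SYN there is no SYN-ACK / ACK, followed by a burst of resent SYNs that show up as TCP retransmission packets.)
References: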
http://www.cnxct.com/coping-with-the-tcp-time_wait-state-on-busy-linux-servers-in-chinese-and-dont-enable-tcp_tw_recycle/
Original article:
https://vincent.bernat.im/en/blog/2014-tcp-time-wait-state-linux.html
https://wiki.archlinux.org/index.php/sysctl
http://www.pagefault.info/?p=416
http://blog.sina.com.cn/s/blog_781b0c850100znjd.html
vim /etc/security/limits.conf
* soft nofile 32768
* hard nofile 65536
echo "net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 5000 65000
net.ipv4.tcp_rmem = 4096 87380 524288
net.core.rmem_max = 1048576
net.core.wmem_max = 1048576
net.core.somaxconn = 2048
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_sack = 0
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
sysctl -p
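A check to run over a file like the one above before `sysctl -p`, as an added example that is not part of the original post or its references: it reports whether net.ipv4.tcp_tw_recycle or net.ipv4.tcp_tw_reuse ends up set to 1, taking the last assignment when a key is repeated. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the two TIME_WAIT options
# this page warns about. Function names are hypothetical, not from any tool.

# effective_value FILE KEY: print the last value assigned to KEY in FILE.
# Lines are applied in order, so a later duplicate overrides an earlier one.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                  # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                   # not an assignment
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)      # trim key
            gsub(/^[ \t]+|[ \t]+$/, "", v)      # trim value
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_tw FILE: warn for each option left at 1; return 1 if any warning.
audit_tw() {
    rc=0
    for key in net.ipv4.tcp_tw_recycle net.ipv4.tcp_tw_reuse; do
        if [ "$(effective_value "$1" "$key")" = "1" ]; then
            echo "WARN: $key = 1 in $1"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input (not a real host's config): recycle is disabled
# first and re-enabled by a later duplicate line; reuse is commented out.
write_sample() {
    printf '%s\n' \
        '# constructed sample' \
        'net.ipv4.tcp_tw_recycle = 0' \
        '#net.ipv4.tcp_tw_reuse = 1' \
        'net.ipv4.tcp_fin_timeout=30' \
        'net.ipv4.tcp_tw_recycle = 1' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_tw "$sample" || echo "audit failed for $sample"
rm -f "$sample"
```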
https://gist.github.com/kfox/1942782
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Disable netfilter on bridges.
#net.bridge.bridge-nf-call-ip6tables = 0
#net.bridge.bridge-nf-call-iptables = 0
#net.bridge.bridge-nf-call-arptables = 0

# cf. http://www.psc.edu/networking/projects/tcptune/#Linux
net.ipv4.ip_forward = 1
net.ipv4.neigh.default.gc_thresh1 = 4096
net.ipv4.neigh.default.gc_thresh2 = 8192
net.ipv4.neigh.default.gc_thresh3 = 16384
net.ipv4.neigh.default.gc_interval = 5
net.ipv4.neigh.default.base_reachable_time = 120
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.neigh.default.base_reachable_time = 120
net.ipv4.neigh.default.gc_stale_time = 120
net.core.netdev_max_backlog = 262144
#net.core.rmem_default = 16777216
net.core.rmem_max = 108544
net.core.somaxconn = 262144
net.core.wmem_max = 108544
net.netfilter.nf_conntrack_max = 10000000
net.netfilter.nf_conntrack_tcp_timeout_established = 40
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 10
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 10
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 10
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 10
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 10
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 10
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_sack = 0
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_wmem = 4096 16384 16777216

Watch this for more insight: http://vimeo.com/70369211
Slides: http://cdn.oreillystatic.com/en/assets/1/event/94/Tuning%20TCP%20For%20The%20Web%20Presentation.pdf