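Linux server: large number of TIME_WAIT connections
Today I logged in to a Linux server and found a large number of connections in TIME_WAIT.
Reference: http://coolnull.com/3605.html 酷喃|coolnull| » Solutions for large numbers of TIME_WAIT connections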
[root@webserver ~]# netstat -anltp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      1886/php-fpm
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      3556/nginx
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN      3556/nginx
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1208/sshd
tcp        0      0 0.0.0.0:8089                0.0.0.0:*                   LISTEN      3556/nginx
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1287/master
tcp        0      0 192.168.1.80:38326          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:38274          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:38290          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 127.0.0.1:9000              127.0.0.1:7970              TIME_WAIT   -
tcp        0      0 192.168.1.80:38302          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:38282          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:38330          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:38310          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 127.0.0.1:9000              127.0.0.1:7934              TIME_WAIT   -
tcp        0      0 192.168.1.80:80             192.168.1.253:9082          TIME_WAIT   -
tcp        0      0 127.0.0.1:9000              127.0.0.1:7950              TIME_WAIT   -
tcp        0      0 192.168.1.80:80             192.168.1.253:9080          TIME_WAIT   -
tcp        0      0 127.0.0.1:9000              127.0.0.1:7918              TIME_WAIT   -
tcp        0      0 192.168.1.80:80             192.168.1.253:9076          TIME_WAIT   -
tcp        0      0 192.168.1.80:38246          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:38298          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:38278          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:38250          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:38262          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:38266          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:80             192.168.1.253:9074          TIME_WAIT   -
tcp        0      0 192.168.1.80:38314          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:38318          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:38258          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:38294          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 192.168.1.80:80             192.168.1.253:9078          TIME_WAIT   -
tcp        0   2752 192.168.1.80:22             192.168.1.253:63163         ESTABLISHED 26740/sshd
tcp        0      0 192.168.1.80:38334          192.168.1.98:3310           TIME_WAIT   -
tcp        0      0 127.0.0.1:9000              127.0.0.1:7986              TIME_WAIT   -
tcp        0      0 :::3306                     :::*                        LISTEN      3508/mysqld
tcp        0      0 :::22                       :::*                        LISTEN      1208/sshd
tcp        0      0 ::1:25                      :::*                        LISTEN      1287/master
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11372   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11368   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11348   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11336   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11396   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11412   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11400   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11356   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11380   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11404   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11364   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11332   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11344   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11388   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11416   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11408   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11384   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11352   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11420   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11340   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11376   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11392   TIME_WAIT   -
tcp        0      0 ::ffff:192.168.1.80:3306    ::ffff:192.168.1.80:11360   TIME_WAIT   -
[root@webserver ~]#
Solution: the system has a large number of connections in the TIME_WAIT state; this is resolved by adjusting kernel parameters.
# vi /etc/sysctl.conf
# Add the following. net.ipv4.tcp_syncookies is already present by default and does not need to be added again.
# Controls the use of TCP syncookies
cat >>/etc/sysctl.conf<<"EOF"
net.ipv4.tcp_syncookies = 1
# The TIME-WAIT sockets for new connections can be reused
net.ipv4.tcp_tw_reuse = 1
# Enable fast recycling of TIME-WAIT sockets status
net.ipv4.tcp_tw_recycle = 1
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 30
EOF
# Then run /sbin/sysctl -p to make the parameters take effect
/sbin/sysctl -p
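After the change, checking again a little later showed that the large number of TIME_WAIT connections was gone.
The above is only a temporary fix.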
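For a lasting fix it helps to know which service the TIME_WAIT sockets belong to before touching kernel parameters. The following shell function is an added example, not part of the original post; the names `sample_netstat` and `tw_summary` and the sample lines are constructed here, modelled on the netstat output above.

```shell
#!/bin/sh
# Added example: attribute TIME_WAIT sockets in netstat output to a service.

# Constructed sample input, modelled on the netstat output in the post.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1886/php-fpm
tcp 0 0 192.168.1.80:38326 192.168.1.98:3310 TIME_WAIT -
tcp 0 0 192.168.1.80:38274 192.168.1.98:3310 TIME_WAIT -
tcp 0 0 127.0.0.1:9000 127.0.0.1:7970 TIME_WAIT -
tcp 0 0 :::3306 :::* LISTEN 3508/mysqld
tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11372 TIME_WAIT -
tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11368 TIME_WAIT -
tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11348 TIME_WAIT -
EOF
}

# Reads netstat lines on stdin and prints "<count> <description>", largest first.
# A TIME_WAIT socket whose local port is also a LISTEN port is counted as
# "inbound" (the local service closed the connection first); any other one is
# counted as "outbound" to the remote address, i.e. this host acted as client.
tw_summary() {
    awk '
    # The port is the text after the last colon (works for IPv4 and IPv6).
    function port(addr,   a, n) { n = split(addr, a, ":"); return a[n] }
    $1 ~ /^tcp/ && $6 == "LISTEN"    { listen[port($4)] = 1 }
    # Buffer TIME_WAIT rows: LISTEN rows may appear later in the output.
    $1 ~ /^tcp/ && $6 == "TIME_WAIT" { loc[++n] = $4; rem[n] = $5 }
    END {
        for (i = 1; i <= n; i++) {
            p = port(loc[i])
            key = (p in listen) ? "inbound to local port " p : "outbound to " rem[i]
            count[key]++
        }
        for (k in count) printf "%d %s\n", count[k], k
    }' | sort -k1,1nr -k2
}

sample_netstat | tw_summary
```

On a live host, run `netstat -ant | tw_summary`; a large outbound count points at a client that opens a new connection per request, where connection pooling or keep-alive addresses the cause rather than the symptom.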
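Appendix:
Appendix 1. Parameter descriptions
net.ipv4.tcp_syncookies = 1 enables SYN cookies. When the SYN wait queue overflows, cookies are used to handle it, which protects against small-scale SYN attacks. The default is 0, meaning disabled;
net.ipv4.tcp_tw_reuse = 1 enables reuse. It allows TIME-WAIT sockets to be reused for new TCP connections. The default is 0, meaning disabled;
net.ipv4.tcp_tw_recycle = 1 enables fast recycling of TIME-WAIT sockets in TCP connections. The default is 0, meaning disabled. Note that this setting is known to drop connections from clients behind NAT, and the parameter was removed in Linux 4.12.
net.ipv4.tcp_fin_timeout = 30 changes the system default TIMEOUT to 30s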