问题
MySQL经常卡死,netstat -nat看一下,TIME_WAIT成千上万……
解决
修改/etc/sysctl.conf文件,增加以下内容
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
保存完后使用sysctl -p使系统生效。
分析[转载]
客户端与服务器端建立TCP/IP连接后关闭SOCKET后,服务器端连接的端口状态为TIME_WAIT.主动关闭的一方在发送最后一个 ack 后,就会进入 TIME_WAIT 状态 停留2MSL(max segment lifetime)时间,这个是TCP/IP必不可少的,也就是“解决”不了的,也就是TCP/IP设计者本来是这么设计的。
net.ipv4.tcp_syncookies = 1
//表示开启SYN cookies。当出现SYN等待队列溢出时,启用cookies来处理,可防范少量SYN攻击,默认为0,表示关闭net.ipv4.tcp_tw_reuse = 1
//表示开启重用。允许将TIME-WAIT sockets重新用于新的TCP连接,默认为0,表示关闭;net.ipv4.tcp_tw_recycle = 1
//表示开启TCP连接中TIME-WAIT sockets的快速回收,默认为0,表示关闭net.ipv4.tcp_fin_timeout = 30
//修改系統默认的 TIMEOUT 时间
CentOS 7
在centos7 之间,我们修改内核参数,都是使用/etc/sysctl.conf文件,但是在7之后,就不再是这个文件了
看看
[root@test74 ~]# cat /etc/sysctl.conf
sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
[root@test74 ~]#
所以如果我们想修改内核参数,就修改这个文 /usr/lib/sysctl.d/00-system.conf
#关闭ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1# 避免放大攻击
net.ipv4.icmp_echo_ignore_broadcasts = 1# 开启恶意icmp错误消息保护
net.ipv4.icmp_ignore_bogus_error_responses = 1#关闭路由转发
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0#开启反向路径过滤
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1#处理无源路由的包
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0#关闭sysrq功能
kernel.sysrq = 0#core文件名中添加pid作为扩展名
kernel.core_uses_pid = 1# 开启SYN洪水攻击保护
net.ipv4.tcp_syncookies = 1#修改消息队列长度
kernel.msgmnb = 65536
kernel.msgmax = 65536#设置最大内存共享段大小bytes
kernel.shmmax = 68719476736
kernel.shmall = 4294967296#timewait的数量,默认180000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
出处:http://yiyulinfeng.com/2018/01/22/centos-7-%E5%86%85%E6%A0%B8%E6%96%87%E4%BB%B6system-conf/
CentOS7 高并发优化
扩展最大文件描述符数量
ulimit -SHn 1024000
echo “ulimit -SHn 1024000” >> /etc/rc.d/rc.local
source /etc/rc.d/rc.local
内核参数优化 /etc/sysctl.conf
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_tw_buckets = 100
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_syn_backlog = 3240000
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_no_metrics_save=1
#net.ipv4.tcp_keepalive_time = 60
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv4.conf.lo.arp_announce=2
fs.file-max = 40000500
fs.nr_open = 40000500
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_keepalive_time = 1
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_mem = 768432 2097152 15242880
net.ipv4.tcp_rmem = 4096 4096 33554432
net.ipv4.tcp_wmem = 4096 4096 33554432
net.core.somaxconn = 6553600
net.ipv4.ip_local_port_range = 2048 64500
net.core.wmem_default = 183888608
net.core.rmem_default = 183888608
net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.core.netdev_max_backlog = 2621244
kernel.sem=250 65536 100 2048
kernel.shmmni = 655360
kernel.shmmax = 34359738368
kerntl.shmall = 4194304
kernel.msgmni = 65535
kernel.msgmax = 65536
kernel.msgmnb = 65536
net.netfilter.nf_conntrack_max=1000000
net.nf_conntrack_max=1000000
net.ipv4.netfilter.ip_conntrack_max=1000000
kernel.perf_cpu_time_max_percent=60
kernel.perf_event_max_sample_rate=6250
net.ipv4.tcp_max_orphans=1048576
kernel.sched_migration_cost_ns=5000000
net.core.optmem_max = 25165824
vm.max_map_count=262144
kernel.sem=10000 2560000 10000 256
最后sysctl -p
以上摘自https://www.jianshu.com/p/d05fae1f1724
Linux服务器下查看网络连接的状态
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
它会显示例如下面的信息:
LISTEN 18
TIME_WAIT 21814
ESTABLISHED 135
其他参考
- CentOS 7 运维优化 - 宁静致远’s 博客 - CSDN博客
- centos7之系统优化方案 - Jokerbj - 博客园
- centos7.2系统优化 - fangoooooooooooo的博客 - CSDN博客