LINUX TCP PARAMETERS
tcp_max_orphans
file: /proc/sys/net/ipv4/tcp_max_orphans
Maximum number of TCP sockets held by the system that are not attached to any user file handle. If this number is exceeded, orphaned connections are reset immediately and a warning is printed. This limit exists only to prevent simple DoS attacks; you must not rely on it or lower the limit artificially. Instead, increase it (probably after increasing installed memory) if network conditions require more than the default value, and tune network services to linger and kill such states more aggressively. Let me remind you again: each orphan eats up to ~64 KB of unswappable memory.
CentOS with 2 GB of RAM:
net.ipv4.tcp_max_orphans = 8192
CentOS with 16 GB of RAM:
net.ipv4.tcp_max_orphans = 65536
CentOS with 8 GB of RAM:
net.ipv4.tcp_max_orphans = 32768
For each additional 1 GB of RAM, the value increases by 4096.
tcp_tw_reuse
file: /proc/sys/net/ipv4/tcp_tw_reuse
Official reference
Allow reuse of TIME-WAIT sockets for new connections when it is safe from the protocol viewpoint. Default value is 0.
It should not be changed without advice/request of technical experts.
tcp_keepalive_time
tcp_keepalive_time = 7200 seconds (2 hours)
tcp_keepalive_probes = 9
tcp_keepalive_intvl = 75 seconds
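This means the kernel only starts probing after a TCP connection has been idle for 2 hours. If 9 probes (75 seconds apart) go unanswered, the kernel finally gives up and considers the connection dead. For a server, these values are clearly too large.
They can be adjusted to:
/proc/sys/net/ipv4/tcp_keepalive_time 1800
/proc/sys/net/ipv4/tcp_keepalive_intvl 30
/proc/sys/net/ipv4/tcp_keepalive_probes 3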
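
The shell script below is an added example, not part of the original notes. It checks the keepalive and tcp_max_orphans settings against the figures given in the tcp_max_orphans and tcp_keepalive_time sections above. The function names, the --live flag and the directory argument are assumptions made for this illustration.

```sh
# Added example, not from the original notes; names and --live are hypothetical.

# Seconds until an idle, dead peer is dropped: idle time + probes * interval.
keepalive_detect_seconds() {  # args: time intvl probes
    echo $(( $1 + $2 * $3 ))
}

# Upper bound on unswappable memory held by orphans, in MiB (~64 KB each).
orphan_mem_mib() {  # arg: tcp_max_orphans
    echo $(( $1 * 64 / 1024 ))
}

# Rule of thumb from the notes: 4096 orphans per GB of RAM.
orphans_for_ram_gb() {  # arg: RAM in GB
    echo $(( $1 * 4096 ))
}

# Read one integer sysctl file; fail on a missing or non-numeric value.
read_param() {  # args: dir name
    [ -r "$1/$2" ] || { echo "cannot read $1/$2" >&2; return 1; }
    v=$(tr -d '[:space:]' < "$1/$2")
    case $v in ''|*[!0-9]*) echo "bad value in $1/$2" >&2; return 1 ;; esac
    echo "$v"
}

# audit DIR RAM_GB: returns 0 if clean, 1 on any WARN, 2 on a read error.
audit() {
    kt=$(read_param "$1" tcp_keepalive_time)   || return 2
    ki=$(read_param "$1" tcp_keepalive_intvl)  || return 2
    kp=$(read_param "$1" tcp_keepalive_probes) || return 2
    mo=$(read_param "$1" tcp_max_orphans)      || return 2
    warn=0
    detect=$(keepalive_detect_seconds "$kt" "$ki" "$kp")
    target=$(keepalive_detect_seconds 1800 30 3)  # tuned values from the notes
    if [ "$detect" -gt "$target" ]; then
        echo "WARN keepalive: dead peer held up to ${detect}s (target ${target}s)"; warn=1
    else
        echo "OK   keepalive: dead peer dropped within ${detect}s"
    fi
    want=$(orphans_for_ram_gb "$2")
    if [ "$mo" -lt "$want" ]; then
        echo "WARN tcp_max_orphans=$mo is below $want suggested for $2 GB"; warn=1
    else
        echo "OK   tcp_max_orphans=$mo (up to $(orphan_mem_mib "$mo") MiB unswappable)"
    fi
    return $warn
}
# Live run only on request, e.g.: sh audit.sh --live 8
if [ "${1:-}" = "--live" ]; then audit /proc/sys/net/ipv4 "${2:?RAM in GB}"; fi
```

With the default keepalive values a dead peer can hold a socket for 7875 seconds, against 1890 seconds with the tuned values. The 4096-per-GB rule lets orphans pin up to a quarter of RAM in the worst case.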