How Do I Reduce the Time for Canceling TCP Connections in TIME_WAIT State on Linux
Question
In a large-scale Linux environment, a large number of Transmission Control Protocol (TCP) connections in TIME_WAIT state exist after the Nginx reverse proxy service is adopted. By default, TCP connections in TIME_WAIT state are canceled after 2 minutes, which reduces system throughput. How do I modify the Linux kernel parameters to reduce the time for canceling TCP connections in TIME_WAIT state and increase the upper limit of nf_conntrack?
Answer
- Log in to the Linux OS as the root user.
Remotely log in to the server as the ossuser.
- Modify the Linux kernel parameters in the configuration file.
- Switch to the /etc directory.
# cd /etc
/ is the root directory of Linux.
- You are advised to back up the configuration file sysctl.conf before modifying it. If the backup file name is sysctl.conf_bak, run the following command to back up the file:
# cp sysctl.conf sysctl.conf_bak
- Open the sysctl.conf file in text mode.
# vi sysctl.conf
- Add the following contents to the sysctl.conf file:
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_fin_timeout = 30
net.nf_conntrack_max = 655360
net.netfilter.nf_conntrack_tcp_timeout_established = 1200
Set net.ipv4.tcp_tw_recycle to 0 in the NAT environment and to 1 in other environments.
- Run the following command for the parameters to take effect:
# /sbin/sysctl -p
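The following script is an added example, not part of the original article: it lints a sysctl.conf-style file for the settings above before `sysctl -p` is run, flagging tcp_tw_recycle = 1 in a NAT environment, tcp_timestamps disabled while the reuse/recycle options depend on it, and keys the running kernel does not expose (the nf_conntrack keys when the nf_conntrack module is not loaded, or net.ipv4.tcp_tw_recycle on Linux 4.12 and later, where it was removed). The function names, the nat/direct argument and the overridable /proc/sys root are assumptions made for the example.

```shell
#!/bin/sh
# Added example: lint TIME_WAIT-related settings in a sysctl.conf-style file.
# Function names and arguments are hypothetical, chosen for this example.

# conf_keys FILE -> every key assigned in FILE, one per line
conf_keys() {
    awk -F= '/^[ \t]*[#;]/ { next }
             NF > 1 { k = $1; gsub(/[ \t]/, "", k); print k }' "$1"
}

# conf_value FILE KEY -> last value assigned to KEY (sysctl -p applies lines
# in order, so a later assignment overrides an earlier one)
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { print val }' "$1"
}

# lint_timewait FILE MODE [PROCROOT] -> prints findings, returns their count.
# MODE is "nat" or "direct"; PROCROOT defaults to /proc/sys (override to test).
lint_timewait() {
    file=$1 mode=$2 root=${3:-/proc/sys} n=0
    recycle=$(conf_value "$file" net.ipv4.tcp_tw_recycle)
    reuse=$(conf_value "$file" net.ipv4.tcp_tw_reuse)
    ts=$(conf_value "$file" net.ipv4.tcp_timestamps)
    if [ "$mode" = nat ] && [ "$recycle" = 1 ]; then
        echo "net.ipv4.tcp_tw_recycle = 1 in a NAT environment: set it to 0"
        n=$((n + 1))
    fi
    if [ "$ts" = 0 ] && { [ "$recycle" = 1 ] || [ "$reuse" = 1 ]; }; then
        echo "tcp_tw_reuse/tcp_tw_recycle rely on net.ipv4.tcp_timestamps = 1"
        n=$((n + 1))
    fi
    # A key with no file under PROCROOT is unknown to the running kernel,
    # and sysctl -p reports an error for it.
    for key in $(conf_keys "$file"); do
        path=$root/$(echo "$key" | tr . /)
        [ -e "$path" ] || { echo "$key: not present under $root"; n=$((n + 1)); }
    done
    return "$n"
}

# Stand-alone use: sh lint_timewait.sh /etc/sysctl.conf nat
if [ "$#" -ge 2 ]; then lint_timewait "$@"; fi
```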