The system logged a large number of errors in /var/log/messages, as follows:
[root@real2 ~]# tail -f /var/log/messages
Oct 27 22:45:55 real2 kernel: printk: 1438 messages suppressed.
Oct 27 22:45:55 real2 kernel: TCP: time wait bucket table overflow
Oct 27 22:46:00 real2 kernel: printk: 1682 messages suppressed.
Oct 27 22:46:00 real2 kernel: TCP: time wait bucket table overflow
Oct 27 22:46:05 real2 kernel: printk: 1752 messages suppressed.
Oct 27 22:46:05 real2 kernel: TCP: time wait bucket table overflow
Oct 27 22:46:10 real2 kernel: printk: 1681 messages suppressed.
Oct 27 22:46:10 real2 kernel: TCP: time wait bucket table overflow
Oct 27 22:46:15 real2 kernel: printk: 1660 messages suppressed.
Oct 27 22:46:15 real2 kernel: TCP: time wait bucket table overflow
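Cause: the value of /proc/sys/net/ipv4/tcp_max_tw_buckets is too small, only 2000.
Solution: increase the value of tcp_max_tw_buckets. It is not the case that the smaller this value the better. I checked, and most of the TIME_WAIT sockets on my system are generated by php-fpm, which is normal behaviour.
Edit /etc/sysctl.conf:
net.ipv4.tcp_max_tw_buckets = 20000
Run sysctl -p to make the change take effect.
Appendix: TIME_WAIT counts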
[root@real2 ~]#
[root@real2 ~]# netstat -an | grep 80 | awk '{print $6}' | sort | uniq -c | sort -rn
5395 ESTABLISHED
2671 TIME_WAIT
978 FIN_WAIT2
501 FIN_WAIT1
165 SYN_RECV
71 LAST_ACK
2 CLOSING
1 LISTEN
[root@real2 ~]# netstat -an | grep 9000 | awk '{print $6}' | sort | uniq -c | sort -rn
8550 TIME_WAIT
1 LISTEN
1 FIN_WAIT1
1 ESTABLISHED
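tcp_max_tw_buckets parameter type: integer
The maximum number of timewait sockets the system holds at the same time. If this number is exceeded, the time-wait socket is destroyed immediately and a warning is printed. The limit exists purely to defend against simple DoS attacks. Never lower this limit artificially; if network conditions require more than the default value, you can raise it (possibly after adding memory).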
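
The netstat pipelines above filter with `grep 80` and `grep 9000`, which also match ports such as 8080 and ephemeral ports such as 51800. The following is an added example, not part of the original post: it counts TCP states for an exact port and compares the TIME_WAIT total against a tcp_max_tw_buckets value. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample of `netstat -an` output, so the script runs offline.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             192.0.2.10:51800        ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.11:40080        TIME_WAIT
tcp        0      0 10.0.0.5:8080           192.0.2.12:51000        TIME_WAIT
tcp        0      0 127.0.0.1:9000          127.0.0.1:45980         TIME_WAIT
tcp        0      0 127.0.0.1:9000          127.0.0.1:45981         TIME_WAIT
tcp        0      0 127.0.0.1:45982         127.0.0.1:9000          TIME_WAIT
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# states_for_port PORT: read `netstat -an` on stdin and print "COUNT STATE"
# for TCP sockets whose local or remote port is exactly PORT.
states_for_port() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && NF >= 6 {
      n = split($4, l, ":"); m = split($5, r, ":")   # port is the last field
      if (l[n] == port || r[m] == port) c[$6]++
    }
    END { for (s in c) print c[s], s }' | sort -rn
}

# tw_usage LIMIT: read `netstat -an` on stdin and report how many TCP sockets
# are in TIME_WAIT relative to LIMIT (a tcp_max_tw_buckets value, > 0).
tw_usage() {
  awk -v limit="$1" '
    $1 ~ /^tcp/ && $6 == "TIME_WAIT" { n++ }
    END { printf "TIME_WAIT=%d limit=%d pct=%d\n", n, limit, (n * 100) / limit }'
}

# Demo on the constructed sample. On a live host, pipe real output instead:
#   netstat -an | states_for_port 9000
#   netstat -an | tw_usage "$(cat /proc/sys/net/ipv4/tcp_max_tw_buckets)"
sample_netstat | states_for_port 80
sample_netstat | states_for_port 9000
sample_netstat | tw_usage 10
```

A percentage that stays near 100 means the kernel is already discarding time-wait sockets, which is when the "time wait bucket table overflow" message appears in the log.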