\u5185\u6838\u7684\u4f18\u5316\u8ddf\u670d\u52a1\u5668\u7684\u4f18\u5316\u4e00\u6837\uff0c\u5e94\u672c\u7740\u7a33\u5b9a\u5b89\u5168\u7684\u539f\u5219\u3002\u4e0b\u9762\u4ee564\u4f4d\u7684CentOS 5.5\u4e0b\u7684Squid\u670d\u52a1\u5668\u4e3a\u4f8b\u6765\u8bf4\u660e\uff0c\u5f85\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u7aef\u5efa\u7acbTCP\/IP\u8fde\u63a5\u540e\u5c31\u4f1a\u5173\u95edSOCKET\uff0c\u670d\u52a1\u5668\u7aef\u8fde\u63a5\u7684\u7aef\u53e3\u72b6\u6001\u4e5f\u5c31\u53d8\u4e3aTIME_WAIT\u4e86\u3002<\/p>\n
\u3000\u3000\u90a3\u662f\u4e0d\u662f\u6240\u6709\u6267\u884c\u4e3b\u52a8\u5173\u95ed\u7684SOCKET\u90fd\u4f1a\u8fdb\u5165TIME_WAIT\u72b6\u6001\u5462\uff1f\u6709\u6ca1\u6709\u4ec0\u4e48\u60c5\u51b5\u4f7f\u4e3b\u52a8\u5173\u95ed\u7684SOCKET\u76f4\u63a5\u8fdb\u5165CLOSED\u72b6\u6001\u5462\uff1f\u7b54\u6848\u662f\u4e3b\u52a8\u5173\u95ed\u7684\u4e00\u65b9\u5728\u53d1\u9001\u6700\u540e\u4e00\u4e2aACK\u540e\u5c31\u4f1a\u8fdb\u5165TIME_WAIT\u72b6\u6001\uff0c\u5e76\u505c\u75592MSL(Max Segment LifeTime)\u65f6\u95f4\uff0c\u8fd9\u4e2a\u662fTCP\/IP\u5fc5\u4e0d\u53ef\u5c11\u7684\uff0c\u4e5f\u5c31\u662f\u201c\u89e3\u51b3\u201d\u4e0d\u4e86\u7684\u3002
\n\u3000\u3000TCP\/IP\u7684\u8bbe\u8ba1\u8005\u5982\u6b64\u8bbe\u8ba1\uff0c\u4e3b\u8981\u539f\u56e0\u6709\u4e24\u4e2a\uff1a<\/p>\n
\u3000\u3000\u9632\u6b62\u4e0a\u4e00\u6b21\u8fde\u63a5\u4e2d\u7684\u5305\u8ff7\u8def\u540e\u91cd\u65b0\u51fa\u73b0\uff0c\u5f71\u54cd\u65b0\u7684\u8fde\u63a5(\u7ecf\u8fc72MSL\u65f6\u95f4\u540e\uff0c\u4e0a\u4e00\u6b21\u8fde\u63a5\u4e2d\u6240\u6709\u91cd\u590d\u7684\u5305\u90fd\u4f1a\u6d88\u5931)\u3002<\/p>\n
\u3000\u3000\u4e3a\u4e86\u53ef\u9760\u5730\u5173\u95edTCP\u8fde\u63a5\u3002\u4e3b\u52a8\u5173\u95ed\u65b9\u53d1\u9001\u7684\u6700\u540e\u4e00\u4e2aACK(FIN)\u6709\u53ef\u80fd\u4f1a\u4e22\u5931\uff0c\u5982\u679c\u4e22\u5931\uff0c\u88ab\u52a8\u65b9\u4f1a\u91cd\u65b0\u53d1FIN\uff0c\u8fd9\u65f6\u5982\u679c\u4e3b\u52a8\u65b9\u5904\u4e8eCLOSED\u72b6\u6001\uff0c\u5c31\u4f1a\u54cd\u5e94RST\u800c\u4e0d\u662fACK\u3002\u6240\u4ee5\u4e3b\u52a8\u65b9\u8981\u5904\u4e8eTIME_WAIT\u72b6\u6001\uff0c\u800c\u4e0d\u80fd\u662fCLOSED\u72b6\u6001\u3002\u53e6\u5916\uff0cTIME_WAIT\u5e76\u4e0d\u4f1a\u5360\u7528\u5f88\u5927\u7684\u8d44\u6e90\uff0c\u9664\u975e\u53d7\u5230\u653b\u51fb\u3002<\/p>\n
\u3000\u3000\u5728Squid\u670d\u52a1\u5668\u4e2d\u53ef\u8f93\u5165\u67e5\u770b\u5f53\u524d\u8fde\u63a5\u7edf\u8ba1\u6570\u7684\u547d\u4ee4\uff0c\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n
\u3000\u3000netstat -n| awk '\/^tcp\/ {++S[$NF]} END {for(a in S) print a, S[a]}' LAST_ACK 14 SYN_RECV 348 ESTABLISHED 70 FIN_WAIT1 229 FIN_WAIT2 30 CLOSING 33 TIME_WAIT 18122<\/p>\n
\u3000\u3000CLOSED\uff1a\u65e0\u8fde\u63a5\u662f\u6d3b\u52a8\u7684\u6216\u6b63\u5728\u8fdb\u884c\u4e2d\u7684\u3002<\/p>\n
\u3000\u3000LISTEN\uff1a\u670d\u52a1\u5668\u5728\u7b49\u5f85\u8fdb\u5165\u547c\u53eb\u3002<\/p>\n
\u3000\u3000SYN_RECV\uff1a\u4e00\u4e2a\u8fde\u63a5\u8bf7\u6c42\u5df2\u7ecf\u5230\u8fbe\uff0c\u7b49\u5f85\u786e\u8ba4\u3002<\/p>\n
\u3000\u3000SYN_SENT\uff1a\u5e94\u7528\u5df2\u7ecf\u5f00\u59cb\uff0c\u6253\u5f00\u4e00\u4e2a\u8fde\u63a5\u3002<\/p>\n
\u3000\u3000ESTABLISHED\uff1a\u6b63\u5e38\u6570\u636e\u4f20\u8f93\u72b6\u6001\u3002<\/p>\n
\u3000\u3000FIN_WAIT1\uff1a\u5e94\u7528\u8bf4\u5b83\u5df2\u7ecf\u5b8c\u6210\u3002<\/p>\n
\u3000\u3000FIN_WAIT2\uff1a\u53e6\u4e00\u8fb9\u5df2\u540c\u610f\u91ca\u653e\u3002<\/p>\n
\u3000\u3000CLOSING\uff1a\u4e24\u8fb9\u540c\u65f6\u5c1d\u8bd5\u5173\u95ed\u3002<\/p>\n
\u3000\u3000TIME_WAIT\uff1a\u53e6\u4e00\u8fb9\u5df2\u521d\u59cb\u5316\u4e00\u4e2a\u91ca\u653e\u3002<\/p>\n
\u3000\u3000LAST_ACK\uff1a\u7b49\u5f85\u6240\u6709\u5206\u7ec4\u6b7b\u6389\u3002<\/p>\n
\u3000\u3000\u4e5f\u5c31\u662f\u8bf4\uff0c\u8fd9\u6761\u547d\u4ee4\u53ef\u4ee5\u628a\u5f53\u524d\u7cfb\u7edf\u7684\u7f51\u7edc\u8fde\u63a5\u72b6\u6001\u5206\u7c7b\u6c47\u603b\u3002<\/p>\n
\u3000\u3000\u5728Linux\u4e0b\u9ad8\u5e76\u53d1\u7684Squid\u670d\u52a1\u5668\u4e2d\uff0cTCP TIME_WAIT\u5957\u63a5\u5b57\u6570\u91cf\u7ecf\u5e38\u53ef\u8fbe\u4e24\u4e09\u4e07\uff0c\u670d\u52a1\u5668\u5f88\u5bb9\u6613\u5c31\u4f1a\u88ab\u62d6\u6b7b\u3002\u4e0d\u8fc7\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539Linux\u5185\u6838\u53c2\u6570\u6765\u51cf\u5c11Squid\u670d\u52a1\u5668\u7684TIME_WAIT\u5957\u63a5\u5b57\u6570\u91cf\uff0c\u547d\u4ee4\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n
\u3000\u3000vim \/etc\/sysctl.conf<\/p>\n
\u3000\u3000\u7136\u540e\uff0c\u589e\u52a0\u4ee5\u4e0b\u53c2\u6570\uff1a<\/p>\n
net.ipv4.tcp_fin_timeout = 30
\nnet.ipv4.tcp_keepalive_time = 1200
\nnet.ipv4.tcp_syncookies = 1
\nnet.ipv4.tcp_tw_reuse = 1
\nnet.ipv4.tcp_tw_recycle = 1
\nnet.ipv4.ip_local_port_range = 1024 65000
\nnet.ipv4.tcp_max_syn_backlog = 8192
\nnet.ipv4.tcp_max_tw_buckets = 5000<\/p>\n
\u3000\u3000\u5176\u4e2d\uff1a<\/p>\n
\u3000\u3000net.ipv4.tcp_syncookies=1\u8868\u793a\u5f00\u542fSYN Cookies\u3002\u5f53\u51fa\u73b0SYN\u7b49\u5f85\u961f\u5217\u6ea2\u51fa\u65f6\uff0c\u542f\u7528cookie\u6765\u5904\u7406\uff0c\u53ef\u9632\u8303\u5c11\u91cf\u7684SYN\u653b\u51fb\u3002\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\u3002<\/p>\n
\u3000\u3000net.ipv4.tcp_tw_reuse=1\u8868\u793a\u5f00\u542f\u91cd\u7528\u3002\u5141\u8bb8\u5c06TIME-WAIT\u5957\u63a5\u5b57\u91cd\u65b0\u7528\u4e8e\u65b0\u7684TCP\u8fde\u63a5\u3002\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\u3002<\/p>\n
\u3000\u3000net.ipv4.tcp_tw_recycle=1\u8868\u793a\u5f00\u542fTCP\u8fde\u63a5\u4e2dTIME-WAIT\u5957\u63a5\u5b57\u7684\u5feb\u901f\u56de\u6536\u3002\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\u3002<\/p>\n
\u3000\u3000net.ipv4.tcp_fin_timeout=30\u8868\u793a\u5982\u679c\u5957\u63a5\u5b57\u7531\u672c\u7aef\u8981\u6c42\u5173\u95ed\uff0c\u8fd9\u4e2a\u53c2\u6570\u51b3\u5b9a\u4e86\u5b83\u4fdd\u6301\u5728FIN-WAIT-2\u72b6\u6001\u7684\u65f6\u95f4\u3002<\/p>\n
\u3000\u3000net.ipv4.tcp_keepalive_time=1200\u8868\u793a\u5f53keepalive\u542f\u7528\u65f6\uff0cTCP\u53d1\u9001keepalive\u6d88\u606f\u7684\u9891\u5ea6\u3002\u9ed8\u8ba4\u662f2\u5c0f\u65f6\uff0c\u8fd9\u91cc\u6539\u4e3a20\u5206\u949f\u3002<\/p>\n
\u3000\u3000net.ipv4.ip_local_port_range=1024 65000\u8868\u793a\u5411\u5916\u8fde\u63a5\u7684\u7aef\u53e3\u8303\u56f4\u3002\u9ed8\u8ba4\u503c\u5f88\u5c0f\uff1a32768\uff5e61000\uff0c\u6539\u4e3a1024\uff5e65000\u3002<\/p>\n
\u3000\u3000net.ipv4.tcp_max_syn_backlog=8192\u8868\u793aSYN\u961f\u5217\u7684\u957f\u5ea6\uff0c\u9ed8\u8ba4\u4e3a1024\uff0c\u52a0\u5927\u961f\u5217\u957f\u5ea6\u4e3a8192\uff0c\u53ef\u4ee5\u5bb9\u7eb3\u66f4\u591a\u7b49\u5f85\u8fde\u63a5\u7684\u7f51\u7edc\u8fde\u63a5\u6570\u3002<\/p>\n
\u3000\u3000net.ipv4.tcp_max_tw_buckets=5000\u8868\u793a\u7cfb\u7edf\u540c\u65f6\u4fdd\u6301TIME_WAIT\u5957\u63a5\u5b57\u7684\u6700\u5927\u6570\u91cf\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u6570\u5b57\uff0cTIME_WAIT\u5957\u63a5\u5b57\u5c06\u7acb\u523b\u88ab\u6e05\u9664\u5e76\u6253\u5370\u8b66\u544a\u4fe1\u606f\u3002\u9ed8\u8ba4\u4e3a180000\uff0c\u6539\u4e3a5000\u3002\u5bf9\u4e8eApache\u3001Nginx\u7b49\u670d\u52a1\u5668\uff0c\u524d\u9762\u4ecb\u7ecd\u7684\u51e0\u4e2a\u53c2\u6570\u5df2\u7ecf\u53ef\u4ee5\u5f88\u597d\u5730\u51cf\u5c11TIME_WAIT\u5957\u63a5\u5b57\u6570\u91cf\uff0c\u4f46\u662f\u5bf9\u4e8eSquid\u6765\u8bf4\uff0c\u6548\u679c\u5374\u4e0d\u5927\u3002\u6709\u4e86\u6b64\u53c2\u6570\u5c31\u53ef\u4ee5\u63a7\u5236TIME_WAIT\u5957\u63a5\u5b57\u7684\u6700\u5927\u6570\u91cf\uff0c\u907f\u514dSquid\u670d\u52a1\u5668\u88ab\u5927\u91cf\u7684TIME_WAIT\u5957\u63a5\u5b57\u62d6\u6b7b\u3002<\/p>\n
\u3000\u3000\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u4f7f\u5185\u6838\u914d\u7f6e\u7acb\u5373\u751f\u6548\uff1a<\/p>\n
\u3000\u3000\/sbin\/sysctl -p<\/p>\n
\u3000\u3000\u5982\u679c\u662f\u7528\u4e8eApache\u6216Nginx\u7b49\u7684Web\u670d\u52a1\u5668\uff0c\u6216Nginx\u7684\u53cd\u5411\u4ee3\u7406\uff0c\u5219\u53ea\u9700\u8981\u66f4\u6539\u4ee5\u4e0b\u51e0\u9879\u5373\u53ef\uff1a<\/p>\n
\u3000\u3000net.ipv4.tcp_syncookies=1 net.ipv4.tcp_tw_reuse=1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.ip_local_port_range = 1024 65000<\/p>\n
\u3000\u3000\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u4f7f\u5185\u6838\u914d\u7f6e\u7acb\u5373\u751f\u6548\uff1a<\/p>\n
\u3000\u3000\/sbin\/sysctl -p<\/p>\n
\u3000\u3000\u5982\u679c\u662f\u90ae\u4ef6\u670d\u52a1\u5668\uff0c\u5219\u5efa\u8bae\u5185\u6838\u65b9\u6848\u5982\u4e0b\uff1a<\/p>\n
\u3000\u3000net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_keepalive_time = 300 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.ip_local_port_range = 5000 65000 kernel.shmmax = 134217728<\/p>\n
\u3000\u3000\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u4f7f\u5185\u6838\u914d\u7f6e\u7acb\u5373\u751f\u6548\uff1a<\/p>\n
\u3000\u3000\/sbin\/sysctl -p<\/p>\n
\u3000\u3000\u5f53\u7136\u8fd9\u4e9b\u90fd\u53ea\u662f\u6700\u57fa\u672c\u7684\u66f4\u6539\uff0c\u5927\u5bb6\u8fd8\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\u6765\u66f4\u6539\u5185\u6838\u7684\u8bbe\u7f6e\uff0c\u540c\u6837\u4e5f\u8981\u672c\u7740\u7a33\u5b9a\u7684\u539f\u5219\uff0c\u5982\u679c\u670d\u52a1\u5668\u4e0d\u7a33\u5b9a\u7684\u8bdd\uff0c\u4e00\u5207\u5de5\u4f5c\u548c\u52aa\u529b\u90fd\u4f1a\u767d\u8d39\u3002\u5982\u679c\u4ee5\u4e0a\u4f18\u5316\u4ecd\u65e0\u6cd5\u6ee1\u8db3\u4f60\u7684\u8981\u6c42\uff0c\u6709\u53ef\u80fd\u4f60\u9700\u8981\u5b9a\u5236\u4f60\u7684\u670d\u52a1\u5668\u5185\u6838\u6216\u5347\u7ea7\u670d\u52a1\u5668\u786c\u4ef6\u3002\u81f3\u4e8e\u670d\u52a1\u7684\u914d\u7f6e\u4f18\u5316\uff0c\u8d85\u51fa\u4e86\u672c\u7ae0\u7684\u5185\u5bb9\uff0c\u5927\u5bb6\u53ef\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\u6709\u9488\u5bf9\u6027\u5730\u8fdb\u884c\u66f4\u6539\u3002<\/p>\n
ulimit -a \u67e5\u770b\u5185\u6838\u53c2\u6570\u9650\u5236
\n\u53c2\u6570\u914d\u7f6e\u6587\u4ef6\uff1a\/etc\/security\/limits.d\/90-nproc.conf <\/p>\n","protected":false},"excerpt":{"rendered":"
\u5185\u6838\u7684\u4f18\u5316\u8ddf\u670d\u52a1\u5668\u7684\u4f18\u5316\u4e00\u6837\uff0c\u5e94\u672c\u7740\u7a33\u5b9a\u5b89\u5168\u7684\u539f\u5219\u3002\u4e0b\u9762\u4ee564\u4f4d\u7684CentOS 5.5\u4e0b\u7684Squid\u670d\u52a1\u5668\u4e3a\u4f8b\u6765\u8bf4\u660e\uff0c\u5f85\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u7aef\u5efa\u7acbTCP\/IP\u8fde\u63a5\u540e\u5c31\u4f1a\u5173\u95edSOCKET\uff0c\u670d\u52a1\u5668\u7aef\u8fde\u63a5\u7684\u7aef\u53e3\u72b6\u6001\u4e5f\u5c31\u53d8\u4e3aTIME_WAIT\u4e86\u3002 \u3000\u3000\u90a3\u662f\u4e0d\u662f\u6240\u6709\u6267\u884c\u4e3b\u52a8\u5173\u95ed\u7684SOCKET\u90fd\u4f1a\u8fdb\u5165TIME_WAIT\u72b6\u6001\u5462\uff1f\u6709\u6ca1\u6709\u4ec0\u4e48\u60c5\u51b5\u4f7f\u4e3b\u52a8\u5173\u95ed\u7684SOCKET\u76f4\u63a5\u8fdb\u5165CLOSED\u72b6\u6001\u5462\uff1f\u7b54\u6848\u662f\u4e3b\u52a8\u5173\u95ed\u7684\u4e00\u65b9\u5728\u53d1\u9001\u6700\u540e\u4e00\u4e2aACK\u540e\u5c31\u4f1a\u8fdb\u5165TIME_WAIT\u72b6\u6001\uff0c\u5e76\u505c\u75592MSL(Max Segment LifeTime)\u65f6\u95f4\uff0c\u8fd9\u4e2a\u662fTCP\/IP\u5fc5\u4e0d\u53ef\u5c11\u7684\uff0c\u4e5f\u5c31\u662f\u201c\u89e3\u51b3\u201d\u4e0d\u4e86\u7684\u3002 \u3000\u3000TCP\/IP\u7684\u8bbe\u8ba1\u8005\u5982\u6b64\u8bbe\u8ba1\uff0c\u4e3b\u8981\u539f\u56e0\u6709\u4e24\u4e2a\uff1a \u3000\u3000\u9632\u6b62\u4e0a\u4e00\u6b21\u8fde\u63a5\u4e2d\u7684\u5305\u8ff7\u8def\u540e\u91cd\u65b0\u51fa\u73b0\uff0c\u5f71\u54cd\u65b0\u7684\u8fde\u63a5(\u7ecf\u8fc72MSL\u65f6\u95f4\u540e\uff0c\u4e0a\u4e00\u6b21\u8fde\u63a5\u4e2d\u6240\u6709\u91cd\u590d\u7684\u5305\u90fd\u4f1a\u6d88\u5931)\u3002 \u3000\u3000\u4e3a\u4e86\u53ef\u9760\u5730\u5173\u95edTCP\u8fde\u63a5\u3002\u4e3b\u52a8\u5173\u95ed\u65b9\u53d1\u9001\u7684\u6700\u540e\u4e00\u4e2aACK(FIN)\u6709\u53ef\u80fd\u4f1a\u4e22\u5931\uff0c\u5982\u679c\u4e22\u5931\uff0c\u88ab\u52a8\u65b9\u4f1a\u91cd\u65b0\u53d1FIN\uff0c\u8fd9\u65f6\u5982\u679c\u4e3b\u52a8\u65b9\u5904\u4e8eCLOSED\u72b6\u6001\uff0c\u5c31\u4f1a\u54cd\u5e94RST\u800c\u4e0d\u662fACK\u3002\u6240\u4ee5\u4e3b\u52a8\u65b9\u8981\u5904\u4e8eTIME_WAIT\u72b6\u6001\uff0c\u800c\u4e0d\u80fd\u662fCLOSED\u72b6\u6001\u3002\u53e6\u5916\uff0cTIME_WAIT\u5e76\u4e0d\u4f1a\u5360\u7528\u5f88\u5927\u7684\u8d44\u6e90\uff0c\u9664\u975e\u53d7\u5230\u653b\u51fb\u3002 \u3000\u3000\u5728Squid\u670d\u52a1\u5668\u4e2d\u53ef\u8f93\u5165\u67e5\u770b\u5f53\u524d\u8fde\u63a5\u7edf\u8ba1\u6570\u7684\u547d\u4ee4\uff0c\u5982\u4e0b\u6240\u793a\uff1a \u3000\u3000netstat -n| awk ‘\/^tcp\/ {++S[$NF]} END {for(a in S) print a, S[a]}’ LAST_ACK 14 SYN_RECV 348 ESTABLISHED 70 FIN_WAIT1 229 FIN_WAIT2 30 CLOSING 33 TIME_WAIT 18122 \u3000\u3000CLOSED\uff1a\u65e0\u8fde\u63a5\u662f\u6d3b\u52a8\u7684\u6216\u6b63\u5728\u8fdb\u884c\u4e2d\u7684\u3002 \u3000\u3000LISTEN\uff1a\u670d\u52a1\u5668\u5728\u7b49\u5f85\u8fdb\u5165\u547c\u53eb\u3002 \u3000\u3000SYN_RECV\uff1a\u4e00\u4e2a\u8fde\u63a5\u8bf7\u6c42\u5df2\u7ecf\u5230\u8fbe\uff0c\u7b49\u5f85\u786e\u8ba4\u3002 \u3000\u3000SYN_SENT\uff1a\u5e94\u7528\u5df2\u7ecf\u5f00\u59cb\uff0c\u6253\u5f00\u4e00\u4e2a\u8fde\u63a5\u3002 \u3000\u3000ESTABLISHED\uff1a\u6b63\u5e38\u6570\u636e\u4f20\u8f93\u72b6\u6001\u3002 \u3000\u3000FIN_WAIT1\uff1a\u5e94\u7528\u8bf4\u5b83\u5df2\u7ecf\u5b8c\u6210\u3002 \u3000\u3000FIN_WAIT2\uff1a\u53e6\u4e00\u8fb9\u5df2\u540c\u610f\u91ca\u653e\u3002 \u3000\u3000CLOSING\uff1a\u4e24\u8fb9\u540c\u65f6\u5c1d\u8bd5\u5173\u95ed\u3002 \u3000\u3000TIME_WAIT\uff1a\u53e6\u4e00\u8fb9\u5df2\u521d\u59cb\u5316\u4e00\u4e2a\u91ca\u653e\u3002 \u3000\u3000LAST_ACK\uff1a\u7b49\u5f85\u6240\u6709\u5206\u7ec4\u6b7b\u6389\u3002 \u3000\u3000\u4e5f\u5c31\u662f\u8bf4\uff0c\u8fd9\u6761\u547d\u4ee4\u53ef\u4ee5\u628a\u5f53\u524d\u7cfb\u7edf\u7684\u7f51\u7edc\u8fde\u63a5\u72b6\u6001\u5206\u7c7b\u6c47\u603b\u3002 \u3000\u3000\u5728Linux\u4e0b\u9ad8\u5e76\u53d1\u7684Squid\u670d\u52a1\u5668\u4e2d\uff0cTCP TIME_WAIT\u5957\u63a5\u5b57\u6570\u91cf\u7ecf\u5e38\u53ef\u8fbe\u4e24\u4e09\u4e07\uff0c\u670d\u52a1\u5668\u5f88\u5bb9\u6613\u5c31\u4f1a\u88ab\u62d6\u6b7b\u3002\u4e0d\u8fc7\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539Linux\u5185\u6838\u53c2\u6570\u6765\u51cf\u5c11Squid\u670d\u52a1\u5668\u7684TIME_WAIT\u5957\u63a5\u5b57\u6570\u91cf\uff0c\u547d\u4ee4\u5982\u4e0b\u6240\u793a\uff1a \u3000\u3000vim \/etc\/sysctl.conf \u3000\u3000\u7136\u540e\uff0c\u589e\u52a0\u4ee5\u4e0b\u53c2\u6570\uff1a net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_keepalive_time = 1200 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.ip_local_port_range = 1024 65000 net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_max_tw_buckets = 5000 \u3000\u3000\u5176\u4e2d\uff1a \u3000\u3000net.ipv4.tcp_syncookies=1\u8868\u793a\u5f00\u542fSYN Cookies\u3002\u5f53\u51fa\u73b0SYN\u7b49\u5f85\u961f\u5217\u6ea2\u51fa\u65f6\uff0c\u542f\u7528cookie\u6765\u5904\u7406\uff0c\u53ef\u9632\u8303\u5c11\u91cf\u7684SYN\u653b\u51fb\u3002\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\u3002 \u3000\u3000net.ipv4.tcp_tw_reuse=1\u8868\u793a\u5f00\u542f\u91cd\u7528\u3002\u5141\u8bb8\u5c06TIME-WAIT\u5957\u63a5\u5b57\u91cd\u65b0\u7528\u4e8e\u65b0\u7684TCP\u8fde\u63a5\u3002\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\u3002 \u3000\u3000net.ipv4.tcp_tw_recycle=1\u8868\u793a\u5f00\u542fTCP\u8fde\u63a5\u4e2dTIME-WAIT\u5957\u63a5\u5b57\u7684\u5feb\u901f\u56de\u6536\u3002\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\u3002 \u3000\u3000net.ipv4.tcp_fin_timeout=30\u8868\u793a\u5982\u679c\u5957\u63a5\u5b57\u7531\u672c\u7aef\u8981\u6c42\u5173\u95ed\uff0c\u8fd9\u4e2a\u53c2\u6570\u51b3\u5b9a\u4e86\u5b83\u4fdd\u6301\u5728FIN-WAIT-2\u72b6\u6001\u7684\u65f6\u95f4\u3002 \u3000\u3000net.ipv4.tcp_keepalive_time=1200\u8868\u793a\u5f53keepalive\u542f\u7528\u65f6\uff0cTCP\u53d1\u9001keepalive\u6d88\u606f\u7684\u9891\u5ea6\u3002\u9ed8\u8ba4\u662f2\u5c0f\u65f6\uff0c\u8fd9\u91cc\u6539\u4e3a20\u5206\u949f\u3002 \u3000\u3000net.ipv4.ip_local_port_range=1024 65000\u8868\u793a\u5411\u5916\u8fde\u63a5\u7684\u7aef\u53e3\u8303\u56f4\u3002\u9ed8\u8ba4\u503c\u5f88\u5c0f\uff1a32768\uff5e61000\uff0c\u6539\u4e3a1024\uff5e65000\u3002 \u3000\u3000net.ipv4.tcp_max_syn_backlog=8192\u8868\u793aSYN\u961f\u5217\u7684\u957f\u5ea6\uff0c\u9ed8\u8ba4\u4e3a1024\uff0c\u52a0\u5927\u961f\u5217\u957f\u5ea6\u4e3a8192\uff0c\u53ef\u4ee5\u5bb9\u7eb3\u66f4\u591a\u7b49\u5f85\u8fde\u63a5\u7684\u7f51\u7edc\u8fde\u63a5\u6570\u3002 \u3000\u3000net.ipv4.tcp_max_tw_buckets=5000\u8868\u793a\u7cfb\u7edf\u540c\u65f6\u4fdd\u6301T…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","footnotes":""},"categories":[99,87,101,80],"tags":[],"class_list":["post-1527","post","type-post","status-publish","format-standard","hentry","category-centos","category-linux","category-101","category-80"],"_links":{"self":[{"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/posts\/1527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1527"}],"version-history":[{"count":1,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/posts\/1527\/revisions"}],"predecessor-version":[{"id":1528,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/posts\/1527\/revisions\/1528"}],"wp:attachment":[{"href":"https:\/\/oneai.eu.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}