Original article: http://liuyieyer.iteye.com/blog/2214722?utm_source=tuicool&utm_medium=referral
Because the site uses nginx as a reverse proxy and load balancer, leaving the system's TCP parameters at their defaults leads to a large number of connections piling up in TIME_WAIT.
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
TIME_WAIT 8535
CLOSE_WAIT 5
FIN_WAIT2 20
ESTABLISHED 248
LAST_ACK 14
CLOSED: no connection is active or pending
LISTEN: the server is waiting for an incoming call
SYN_RECV: a connection request has arrived; waiting for the ACK
SYN_SENT: the application has started to open a connection
ESTABLISHED: the normal data transfer state
FIN_WAIT1: the application has said it is finished
FIN_WAIT2: the other side has agreed to release
TIME_WAIT: wait for all packets to die off
CLOSING: both sides have tried to close simultaneously
CLOSE_WAIT: the other side has initiated a release
LAST_ACK: wait for all packets to die off
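The one-liner above only prints raw counts; the following added script (not from the original post) wraps the same awk tally in functions, reads a constructed netstat sample instead of the live table, and compares the TIME_WAIT count against a limit such as the net.ipv4.tcp_max_tw_buckets value from the sysctl configuration further down the page. The sample addresses and the warning threshold are made-up values.

```shell
#!/bin/sh
# Constructed sample of `netstat -n` output (not captured from the blog author's host);
# the header and the udp row are there to show that only tcp/tcp6 rows are counted.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             10.0.0.9:51234          ESTABLISHED
tcp        0      0 10.0.0.5:80             10.0.0.9:51235          TIME_WAIT
tcp        0      0 10.0.0.5:80             10.0.0.9:51236          TIME_WAIT
tcp        0      0 10.0.0.5:80             10.0.0.9:51237          TIME_WAIT
tcp        0      0 10.0.0.5:80             10.0.0.9:51238          CLOSE_WAIT
tcp6       0      0 ::1:8080                ::1:40000               ESTABLISHED
udp        0      0 0.0.0.0:123             0.0.0.0:*'

# Same tally as the blog's one-liner, but reading stdin so a saved capture can be fed in;
# prints "STATE count", largest count first.
count_states() {
    awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}' | sort -k2 -nr
}

# Count for a single state, 0 when that state is absent from the table.
state_count() {
    count_states | awk -v st="$1" '$1 == st {print $2; found = 1} END {if (!found) print 0}'
}

# Compare the TIME_WAIT count with a limit (e.g. net.ipv4.tcp_max_tw_buckets). When the kernel
# reaches that limit it destroys TIME_WAIT sockets early and bumps the TcpExtTCPTimeWaitOverflow
# counter in /proc/net/netstat, so warn (exit status 1) once usage reaches pct percent of it.
# Caveat on the page's fix: net.ipv4.tcp_tw_recycle rejects SYNs from clients behind NAT whose
# timestamps appear to go backwards, and the knob was removed in Linux 4.12; tcp_tw_reuse and a
# wider ip_local_port_range are the safer levers.
tw_check() {
    limit=$1; pct=$2
    tw=$(state_count TIME_WAIT)
    used=$(( tw * 100 / limit ))
    if [ "$used" -ge "$pct" ]; then
        echo "WARN TIME_WAIT=$tw is ${used}% of tcp_max_tw_buckets=$limit"
        return 1
    fi
    echo "OK TIME_WAIT=$tw is ${used}% of tcp_max_tw_buckets=$limit"
    return 0
}
```

On a live host replace the sample with `netstat -n | tw_check "$(sysctl -n net.ipv4.tcp_max_tw_buckets)" 80`.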
Solution: change the kernel parameters
vi /etc/sysctl.conf
net.ipv4.tcp_syncookies = 1 # mitigates some SYN flood attacks; tcp_synack_retries and tcp_syn_retries define the number of SYN retries
net.ipv4.tcp_tw_reuse=1 # allow sockets in TIME_WAIT to be reused, so even if TIME_WAIT occupies every port new requests are not refused; default is 0
net.ipv4.tcp_tw_recycle=1 # recycle TIME_WAIT sockets faster; default is 0
net.ipv4.tcp_fin_timeout=30
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 200000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
sysctl -p # apply the changes