- 浏览: 316517 次
- 性别:
- 来自: 北京
文章分类
最新评论
-
chen3888015:
更方便、更实用的IDC机房服务器监控软件UNNOC -
PV_love:
沙发一个,看的人多,没人顶
Oracle查询优化 -
sanpic:
好文章,好东西
关键点的第5条,logfile,少打了个字母f ...
oracle create database -
kimmking:
lz不厚道,从dell网站复制过来的。
DELL R900 服务器 RAID 配置详解 -
wxq594808632:
记性不好...
DELL R900 服务器 RAID 配置详解
现象:在netstat的时候发现大量处于LAST_ACK状态的TCP连接,达到在ESTABLISHED状态的90%以上
[root@ccsafe ~]# netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c
6 CLOSE_WAIT
7 CLOSING
6838 ESTABLISHED
1037 FIN_WAIT1
357 FIN_WAIT2
5830 LAST_ACK
2 LISTEN
276 SYN_RECV
71 TIME_WAIT
[root@ccsafe ~]#
看看系统
状态,性能
都花在系统中断和上下文切换
[root@ccsafe ~]# vmstat 2
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache
si so bi bo in cs us sy id wa st
1 0 0 3091812 363032 284132 0 0 0 0 1 1 0 0 100 0 0
0 0 0 3091812 363032 284132 0 0 0 0 13750 3174 0 5 94 0 0
0 0 0 3091936 363032 284132 0 0 0 0 13666 3057 1 5 94 0 0
0 0 0 3092060 363032 284132 0 0 0 16 13749 3030 0 5 95 0 0
0 0 0 3092060 363032 284132 0 0 0 0 13822 3144 0 5 95 0 0
0 0 0 3092060 363032 284132 0 0 0 0 13390 2961 0 5 95 0 0
0 0 0 3092060 363032 284132 0 0 0 0 13541 3182 0 6 94 0 0
查看socket队列信息
[root@ccsafe ~]# sar -n SOCK 5
Linux 2.6.18-53.1.13.el5PAE (ccsafe) 10/21/2008
06:31:43 PM totsck tcpsck udpsck rawsck ip-frag tcp-tw
06:31:48 PM 6951 13868 1 0 0 430
Average: 6951 13868 1 0 0 430
根据TCP状态的变化过程来分析,LAST_ACK属于被动关闭连接过程中的状态
ESTABLISHED->CLOSE_WAIT->(发送ACK)->LAST_ACK->(发送FIN+接收ACK)->CLOSED
现在状态都堆积到LAST_ACK,初步判断问题从上下两个状态着手
调节一下LAST_ACK时间...
[root@ccsafe ~]# sysctl -a |grep last_ack
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
[root@ccsafe ~]# sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack=10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 10
[root@ccsafe ~]# sysctl -p
[root@ccsafe ~]# watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 5.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
6 CLOSE_WAIT
9 CLOSING
6420 ESTABLISHED
693 FIN_WAIT1
391 FIN_WAIT2
5081 LAST_ACK
2 LISTEN
203 SYN_RECV
66 TIME_WAIT
检查一下LAST_ACK所对应的应用
[root@ccsafe ~]# netstat -ant|fgrep "LAST_ACK"|cut -b 49-75|cut -d ":" -f1|sort |uniq -c|sort -nr --key=1,7|head -5
101 220.160.210.6
46 222.75.65.69
31 221.0.91.118
24 222.210.8.160
22 60.161.81.28
[root@ccsafe ~]#
[root@ccsafe ~]# netstat -an|grep "220.160.210.6"
tcp 0 17280 10.1.1.145:80 220.160.210.6:52787 ESTABLISHED
tcp 1 14401 10.1.1.145:80 220.160.210.6:52513 LAST_ACK
tcp 1 14401 10.1.1.145:80 220.160.210.6:52769 LAST_ACK
tcp 1 14401 10.1.1.145:80 220.160.210.6:52768 LAST_ACK
tcp 0 8184 10.1.1.145:80 220.160.210.6:52515 LAST_ACK
tcp 1 14401 10.1.1.145:80 220.160.210.6:52514 LAST_ACK
tcp 0 8184 10.1.1.145:80 220.160.210.6:52781 LAST_ACK
是TCP80端口的应用,调节一下nginx
的keepalive时间...
[root@ccsafe ~]# /usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
2008/10/21 19:15:31 [info] 21352#0: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
2008/10/21 19:15:31 [info] 21352#0: the configuration file /usr/local/nginx/conf/nginx.conf was tested successfully
[root@ccsafe ~]# ps aux|egrep '(PID|nginx)'
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 8290 0.0 0.0 7572 1124 ? Ss Oct04 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 8291 0.2 0.3 19704 13776 ? S Oct04 71:35 nginx: worker process
nobody 8292 0.3 0.2 17604 11680 ? S Oct04 77:26 nginx: worker process
nobody 8293 0.2 0.4 22528 16636 ? S Oct04 58:13 nginx: worker process
nobody 8294 0.3 0.4 24944 19020 ? S Oct04 94:07 nginx: worker process
nobody 8295 0.3 0.5 27496 21508 ? S Oct04 84:41 nginx: worker process
nobody 8296 0.3 0.1 13388 7496 ? S Oct04 84:14 nginx: worker process
nobody 8297 0.2 0.0 9196 3268 ? S Oct04 58:21 nginx: worker process
nobody 8298 0.3 0.2 15392 9504 ? S Oct04 75:16 nginx: worker process
root 21354 0.0 0.0 3896 720 pts/0 S+ 19:15 0:00 egrep (PID|nginx)
(动态加载新配置)
[root@ccsafe ~]# kill -HUP 8290
[root@ccsafe ~]#
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90 |sort |uniq -c
1 CLOSE_WAIT
1138 CLOSING
7161 ESTABLISHED
1427 FIN_WAIT1
396 FIN_WAIT2
5740 LAST_ACK
2 LISTEN
350 SYN_RECV
148 TIME_WAIT
...
[root@ccsafe ~]# netstat -ant|fgrep ":"|cut -b 77-90 |sort |uniq -c
1151 CLOSING
8506 ESTABLISHED
1452 FIN_WAIT1
666 FIN_WAIT2
6568 LAST_ACK
2 LISTEN
429 SYN_RECV
92 TIME_WAIT
...
LAST_ACK不下,而且CLOSING 和FIN_WAIT突增
着重看看可影响主动断开TCP连接时几个参数
tcp_keepalive_intvl:探测消息发送的频率
tcp_keepalive_probes:TCP发送keepalive探测以确定该连接已经断开的次数
tcp_keepalive_time:当keepalive打开的情况下,TCP发送keepalive消息的频率
[root@ccsafe ~]# sysctl -a|grep tcp_keepalive
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_keepalive_time = 160
tcp_retries2:在丢弃激活(已建立通讯状况)的TCP连接之前﹐需要进行多少次重试
[root@ccsafe ~]# sysctl -a |grep tcp_retries
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_retries1 = 3
加速处理那些等待ACK的LAST_ACK,减少等待ACK的LAST_ACK的重试次数
[root@ccsafe ~]# sysctl -w net.ipv4.tcp_retries2=5
net.ipv4.tcp_retries2 = 5
减少keepalive发送的频率
[root@ccsafe ~]# sysctl -w net.ipv4.tcp_keepalive_intvl=15
net.ipv4.tcp_keepalive_intvl = 15
[root@ccsafe ~]# sysctl -p
排除syncookies的影响
[root@ccsafe ~]# !ec
echo "0" >/proc/sys/net/ipv4/tcp_syncookies
[root@ccsafe ~]# echo "1" >/proc/sys/net/ipv4/tcp_syncookies
[root@ccsafe ~]# sysctl -a|grep tcp_keepalive
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_keepalive_time = 160
[root@ccsafe ~]# sysctl -a|grep syncookies
net.ipv4.tcp_syncookies = 1
延长keepalive检测周期,保留ESTABLISHED数量
[root@ccsafe ~]# echo "1800" >/proc/sys/net/ipv4/tcp_keepalive_time
[root@ccsafe ~]# echo "5" >/proc/sys/net/ipv4/tcp_keepalive_probes
[root@ccsafe ~]# echo "15" >/proc/sys/net/ipv4/tcp_keepalive_intvl
[root@ccsafe ~]# sysctl -a|grep tcp_keepalive
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_time = 1800
[root@ccsafe ~]# !wat
watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
1 CLOSE_WAIT
363 CLOSING
5145 ESTABLISHED
1073 FIN_WAIT1
174 FIN_WAIT2
6042 LAST_ACK
2 LISTEN
301 SYN_RECV
85 TIME_WAIT
LAST_ACK不下,但是CLOSING有所回落
tcp_orphan_retries:在近端丢弃TCP连接之前﹐要进行多少次重试。
[root@ccsafe ~]# sysctl -a|grep tcp_orphan
net.ipv4.tcp_orphan_retries = 0
关键,丢TCP太频繁了,以至于后勤都跟不上。设置
丢弃之前的重试次数
[root@ccsafe ~]# echo "3" >/proc/sys/net/ipv4/tcp_orphan_retries
[root@ccsafe ~]# !wat
watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
1 CLOSE_WAIT
24 CLOSING
5422 ESTABLISHED
279 FIN_WAIT1
214 FIN_WAIT2
1966 LAST_ACK
2 LISTEN
269 SYN_RECV
74 TIME_WAIT
上下调节该值,找个合适的临界点
[root@ccsafe ~]# echo "7" >/proc/sys/net/ipv4/tcp_orphan_retries
[root@ccsafe ~]# !wat
watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
1 CLOSE_WAIT
175 CLOSING
5373 ESTABLISHED
436 FIN_WAIT1
209 FIN_WAIT2
3184 LAST_ACK
2 LISTEN
283 SYN_RECV
110 TIME_WAIT
恢复,同时FIN_WAIT1的值过高。考虑减少tcp_fin_timeout时间
[root@ccsafe ~]# echo "2" >/proc/sys/net/ipv4/tcp_orphan_retries
[root@ccsafe ~]# sysctl -a|grep tcp_fin
net.ipv4.tcp_fin_timeout = 10
[root@ccsafe ~]# echo "5" >/proc/sys/net/ipv4/tcp_fin_timeout
[root@ccsafe ~]# !wat
watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
2 CLOSE_WAIT
17 CLOSING
5665 ESTABLISHED
145 FIN_WAIT1
141 FIN_WAIT2
1068 LAST_ACK
2 LISTEN
287 SYN_RECV
68 TIME_WAIT
相比FIN_WAIT,SYN_RECV的值偏高。加大发送synack的质量
[root@ccsafe ~]# sysctl -a|grep synack
net.ipv4.tcp_synack_retries = 1
[root@ccsafe ~]# echo "2" >/proc/sys/net/ipv4/tcp_synack_retries
[root@ccsafe ~]# !wat
watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
3 CLOSE_WAIT
16 CLOSING
5317 ESTABLISHED
200 FIN_WAIT1
158 FIN_WAIT2
1001 LAST_ACK
2 LISTEN
303 SYN_RECV
78 TIME_WAIT
[root@ccsafe ~]# sysctl -a|grep keepalive
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_time = 1800
[root@ccsafe ~]# watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
1 CLOSE_WAIT
7 CLOSING
5356 ESTABLISHED
175 FIN_WAIT1
136 FIN_WAIT2
1045 LAST_ACK
2 LISTEN
345 SYN_RECV
64 TIME_WAIT
减少keepalive的检测周期,LAST_ACK上升
[root@ccsafe ~]# echo "10" >/proc/sys/net/ipv4/tcp_keepalive_intvl
[root@ccsafe ~]# echo "1" >/proc/sys/net/ipv4/tcp_synack_retries
[root@ccsafe ~]# !wat
watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
1 CLOSE_WAIT
13 CLOSING
5605 ESTABLISHED
212 FIN_WAIT1
131 FIN_WAIT2
1143 LAST_ACK
2 LISTEN
252 SYN_RECV
79 TIME_WAIT
恢复
[root@ccsafe ~]# echo "15" >/proc/sys/net/ipv4/tcp_keepalive_intvl
[root@ccsafe ~]# watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
3 CLOSE_WAIT
14 CLOSING
5862 ESTABLISHED
230 FIN_WAIT1
205 FIN_WAIT2
1064 LAST_ACK
2 LISTEN
244 SYN_RECV
59 TIME_WAIT
[root@ccsafe ~]# watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
3 CLOSE_WAIT
26 CLOSING
6712 ESTABLISHED
270 FIN_WAIT1
230 FIN_WAIT2
994 LAST_ACK
2 LISTEN
254 SYN_RECV
73 TIME_WAIT
[root@ccsafe ~]#
目前LAST_ACK占ESTABLISHED的量在15%左右
发表评论
-
linux 常见错误解决方法
2010-12-27 11:20 390310、pam 11、拒绝ssh登录(用户)a./etc/s ... -
理解 Linux 配置文件
2010-09-29 16:03 1386介绍 每个 Linux 程序都是一个可执行文件,它含 ... -
linux iscsi initiator 安装配置
2010-06-24 15:28 4272实现环境:vmware workstation, ... -
iscsi配置
2010-06-17 16:31 19411 指定连接iSCSI的前兆网口IP, 与IP-SAN的端口 ... -
Linux 2.6.31内核优化-2
2010-03-24 14:43 2418Device Drivers ---> Gene ... -
Linux 2.6.31内核优化-1
2010-03-24 14:42 3100介绍 本文档是一篇关于Linux Kernel 2.6. ... -
solaris 常用检查系统命令
2010-03-10 15:57 2345/usr/platform/sun4u/sbin/prt ... -
vsftpd配置文件
2010-02-09 16:23 1464vsftpd配置文件采用“#” ... -
solaris10 xmanager登录
2010-01-29 10:48 9871. 关闭默认的cde服务 ... -
ubuntu美化grub
2009-12-24 16:44 894安装grub-splashimages,只是集成了一套 ... -
linux内核参数
2009-12-21 15:58 1152以下是内核的主要配置 ... -
Consistent Non-Locking Reads 与Locking Reads的区别
2009-11-30 09:08 953一直以来,都认为mysql 在普通的select下会根据主键 ... -
阵列Lun
2009-11-10 11:26 1165a、lun的概念 lun的全称是logical ... -
TAR命令参数详解
2009-11-05 09:58 2807tar 程序用于储存或展开 tar 存档文件。存档文件可放在磁 ... -
linux下无法在分区中创建新文件问题
2009-10-20 09:13 2824linux下无法在分区中创建新文件问题 故障现象: ... -
vim使用技巧
2009-10-09 14:09 2114读本文之前请注意: 1. 本文的目标是提供一些vim的使用技 ... -
基于linux构建一个多功能(防火墙/防毒墙/进出邮件扫描/GFW穿越)透明网关
2009-09-27 09:07 997基于linux 构建一个全功能(防火墙/防毒墙/进出邮件 ... -
Rhythmbox, Totem 不支持 mp3的解决办法
2009-09-08 11:01 1322为什么 Linux 不支持 mp3 呢?这个问题在 Linux ... -
LEMP构建高性能WEB服务器
2009-08-24 13:39 1099平台搭建环境 : CentOS5.2 32/x86_6 ... -
linux下安装fetion(飞信)
2009-08-18 10:55 27101.先去 http://www.libfetio ...
相关推荐
OPNET仿真多种mac协议,里面包含各个协议的进程代码,可直接作为mac模块仿真。 aloha协议 aloha_ack协议 maca协议 macaw协议 fama_ack协议
DAIKIN大金_ACK70N_空气净化器_中文说明书
Simple I2C controller -- 1) No multimaster -- 2) No slave mode -- 3) No fifo s -- -- notes: -- Every command is acknowledged. Do not set a new ...-- Dout is available 1 clock cycle later as cmd_ack
12、int amqp_basic_ack(发送ask确认) 13、amqp_basic_reject(拒绝ask) 14、amqp_basic_publish(发布消息) 15、amqp_simple_wait_frame(回调等待服务器的结果返回) 16、amqp_basic_get(客户端主动获取服务器的...
用c++语言编写 用堆栈的方法实现ack
用c++语言编写 用堆栈的方法实现ack
Calculate the Ackermann function ACK ( m, n ) recursive functions.
SMPP SERVER 可以回复ACK及状态报告
tcp协议ACK机制在opnet中实现代码
请参考是新的权威上游pd_ack_to_nagios_ack_poller.pl 补充 pagerduty_nagios.pl很好地完成了将nagios事件纳入pagerduty的工作。此脚本提供了相反的功能,从而实现了往返同步的更多体验更具体地说,它将轮询自上次...
黑防出的源码修改过.效果更好些.肉鸡很少掉!
nothing to say about that
ex 03b rx send resp rar
NRF24L01通讯,实现STM32模块点对点间的通讯。
CIS_Alibaba_Cloud_Container_Service_For_Kubernetes_(ACK)_Benchmark_v1.0.0.zip
单片机CSM32RV20通过硬件SPI操作Si24R1,串口打印,中断等操作。
assign cmd_ack = (state == S_ACK); always@(posedge sys_clk or posedge rst) begin if(rst==1) state <= S_IDLE; else state <= next_state; end always@(*) begin case(state) S_IDLE: if(cmd_valid && cmd == `...
Bandizip_Professional_v7.26_x64_Reрack.exe
K2梅林固件,K1K2使用,通过不死后台刷入,我才刷,没长期用呢!
6.5. 通信过程中的异常与重发 6 6.6. 数据包流水号 7 7. WMMP功能及流程 7 7.1. 终端序列号注册/分配流程 7 7.2. 行业终端提交登录信息 8 7.3. 行业终端退出系统消息 9 7.4. 行业终端连接检查消息 9 7.5. 终端上线...