Some time in your life you’ll run across an Apache server that always has tons of TIME_WAIT connections just seeming to hang out. While these don’t take up as many resources as an ESTABLISHED connection, why keep them around so long? This short article will show you how to identify how many you have, and how to tell your server to reduce them, reuse and recycle them (see, recycling IS a good thing).
First, SSH into your server and become root.
Next, let’s see how many TIME_WAITs you have hanging out:
|
1 |
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n |
You should see something like:
|
1 2 3 4 5 6 7 8 9 10 |
1 established) 1 Foreign 3 FIN_WAIT2 5 LAST_ACK 6 CLOSING 9 SYN_RECV 10 ESTABLISHED 22 FIN_WAIT1 26 LISTEN 466 TIME_WAIT |
So – let’s get that number smaller.
See what your current values are in these files by catting them to the screen:
|
1 2 3 |
cat /proc/sys/net/ipv4/tcp_fin_timeout cat /proc/sys/net/ipv4/tcp_tw_recycle cat /proc/sys/net/ipv4/tcp_tw_reuse |
If you have default settings, you’ll probably see values of 60, 0 and 0. Let’s change those values to 30, 1, 1.
|
1 2 3 |
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse |
Now, let’s make the change persistent by adding them to the sysctl.conf file. First however, let’s make sure there aren’t any entries in there yet for these settings.. cat the file and grep for the changes we’re about to make:
|
1 2 3 |
cat /etc/sysctl.conf |grep "net.ipv4.tcp_fin_timeout" cat /etc/sysctl.conf |grep "net.ipv4.tcp_tw_recycle" cat /etc/sysctl.conf |grep "net.ipv4.tcp_tw_reuse" |
Make notes of what your settings are if you had any results..
Now, edit the /etc/sysctl.conf with your favorite editor and add these lines to the end of it (or edit the values you have in yours if they exist already):
|
1 2 3 4 5 6 |
# Decrease TIME_WAIT seconds net.ipv4.tcp_fin_timeout = 30 # Recycle and Reuse TIME_WAIT sockets faster net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 |
Now, let’s rerun that command from before and see where your TIME_WAITs are at:
|
1 |
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n |
You may need to wait at least a minute or so (depending on what your old values were) to see a change here.
Be sure to comment below if you have any questions or other thoughts!
Related posts from Linux Brigade!
Globally disable directory listing on WHM/cPanel One of the things that WHM/cPanel servers have on by default is directory listing. This is something you don’t want – but it’s easy to fix!
1. Log into WHM
2. Apache Configuration […]
Patch your WHM/cPanel machine for heartbleed You’ve certainly heard about Heartbleed by now. If not, you can read more about this vulnerability at Heartbleed.com. Continue reading this post to find out if you’re vulnerable, and how […]
Download CentOS 7 Nightly Builds As the CentOS folks are working on releasing a final version of CentOS 7, you can get in on the action and download their nightly builds. We’re estimating (guessing? Based on previous […]
Rescued my little Acer C7 Chromebook After installing chrubuntu on my c7, I decided to put it back to factory and give crouton a try so that I could run both chrome and crouton at the same time. I created the restore usb […]
Easily increase storage size with LVM Your server needs more space eh? Throw another physical drive in there and let’s use that to increase the logical volume that needs more space! In this example, we are going to use a […]
Nice write-up. I’m sure it will be helpful.
Anyway, I know it’s not a big deal, but you should avoid using useless use of
cat.for example, this:
can be done like this:
thanks
Thanks for the comment.. Yeah – I hear you, but wanted to keep it as simple as possible and so the reader (if they weren’t seasoned) understood what was happening since they’re going to be root when running most of these commands… 😉
You are assuming that the config file matches reality, which may not be the case, as these options can be changed dynamically.
Many Thanks Brother