TCP: time wait bucket table overflow

为什么80%的码农都做不了架构师？>>>   

The “TCP: time wait bucket table overflow” message shows when the kernel is unable to allocate a data structure to put a socket in the TIME_WAIT state.

This is happening according to linux/net/ipv4/tcp_minisocks.c:

if (tcp_tw_count < sysctl_tcp_max_tw_buckets)
   tw = kmem_cache_alloc(tcp_timewait_cachep, SLAB_ATOMIC);
   if(tw != NULL) {
       (..)
   } else {
   /* Sorry, if we’re out of memory, just CLOSE this
    * socket up. We’ve got bigger problems than
    * non-graceful socket closings.
    */
   if (net_ratelimit())
      printk(KERN_INFO “TCP: time wait bucket table overflow\\n”);
}

This problem is more likely to happen on systems creating a lot of TCP connections at a fast pace. RFC 793 decided that those sockets should stay in the TIME_WAIT state for 2*MSL (Maximum Segment Life), but the Linux implementation seems to make the TIME_WAIT state last for 1 minute.

Monitor the resources used by those time wait buckets by watching:

# cat /proc/slabinfo | grep tcp_tw_bucket

The size of the time wait bucket can be adjusted by writing to /proc/sys/net/ipv4/tcp_max_tw_buckets. However, the link between the client and the server cannot cause packets to arrive out of order, then the TIME_WAIT state can be skipped and sockets can be recycled immediately. Socket recycling can be configured in /proc/sys/net/ipv4/tcp_tw_recycle, but check with your network administrator to verify whether it’s safe to do so.

原因：/proc/sys/net/ipv4/tcp_max_tw_buckets的值太小，才2000

解决方法：增大 tcp_max_tw_buckets的值，并不是这个值越小越好

tcp_max_tw_buckets 参数类型：整型
系统在同时所处理的最大timewait sockets 数目。如果超过此数的话﹐time-wait socket 会被立即砍除并且显示警告信息。之所以要设定这个限制﹐纯粹为了抵御那些简单的 DoS 攻击﹐千万不要人为的降低这个限制﹐不过﹐如果网络条件需要比默认值更多﹐则可以提高它(或许还要增加内存)。

转载于:https://my.oschina.net/tsh/blog/1335040