- 浏览: 321041 次
- 性别:
- 来自: 北京
文章分类
最新评论
-
chen3888015:
更方便、更实用的IDC机房服务器监控软件UNNOC -
PV_love:
沙发一个,看的人多,没人顶
Oracle查询优化 -
sanpic:
好文章,好东西
关键点的第5条,logfile,少打了个字母f ...
oracle create database -
kimmking:
lz不厚道,从dell网站复制过来的。
DELL R900 服务器 RAID 配置详解 -
wxq594808632:
记性不好...
DELL R900 服务器 RAID 配置详解
现象:在netstat的时候发现大量处于LAST_ACK状态的TCP连接,达到在ESTABLISHED状态的90%以上
[root@ccsafe ~]# netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c
6 CLOSE_WAIT
7 CLOSING
6838 ESTABLISHED
1037 FIN_WAIT1
357 FIN_WAIT2
5830 LAST_ACK
2 LISTEN
276 SYN_RECV
71 TIME_WAIT
[root@ccsafe ~]#
看看系统
状态,性能
都花在系统中断和上下文切换
[root@ccsafe ~]# vmstat 2
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache
si so bi bo in cs us sy id wa st
1 0 0 3091812 363032 284132 0 0 0 0 1 1 0 0 100 0 0
0 0 0 3091812 363032 284132 0 0 0 0 13750 3174 0 5 94 0 0
0 0 0 3091936 363032 284132 0 0 0 0 13666 3057 1 5 94 0 0
0 0 0 3092060 363032 284132 0 0 0 16 13749 3030 0 5 95 0 0
0 0 0 3092060 363032 284132 0 0 0 0 13822 3144 0 5 95 0 0
0 0 0 3092060 363032 284132 0 0 0 0 13390 2961 0 5 95 0 0
0 0 0 3092060 363032 284132 0 0 0 0 13541 3182 0 6 94 0 0
查看socket队列信息
[root@ccsafe ~]# sar -n SOCK 5
Linux 2.6.18-53.1.13.el5PAE (ccsafe) 10/21/2008
06:31:43 PM totsck tcpsck udpsck rawsck ip-frag tcp-tw
06:31:48 PM 6951 13868 1 0 0 430
Average: 6951 13868 1 0 0 430
根据TCP状态的变化过程来分析,LAST_ACK属于被动关闭连接过程中的状态
ESTABLISHED->CLOSE_WAIT->(发送ACK)->LAST_ACK->(发送FIN+接收ACK)->CLOSED
现在状态都堆积到LAST_ACK,初步判断问题从上下两个状态着手
调节一下LAST_ACK时间...
[root@ccsafe ~]# sysctl -a |grep last_ack
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
[root@ccsafe ~]# sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack=10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 10
[root@ccsafe ~]# sysctl -p
[root@ccsafe ~]# watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 5.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
6 CLOSE_WAIT
9 CLOSING
6420 ESTABLISHED
693 FIN_WAIT1
391 FIN_WAIT2
5081 LAST_ACK
2 LISTEN
203 SYN_RECV
66 TIME_WAIT
检查一下LAST_ACK所对应的应用
[root@ccsafe ~]# netstat -ant|fgrep "LAST_ACK"|cut -b 49-75|cut -d ":" -f1|sort |uniq -c|sort -nr --key=1,7|head -5
101 220.160.210.6
46 222.75.65.69
31 221.0.91.118
24 222.210.8.160
22 60.161.81.28
[root@ccsafe ~]#
[root@ccsafe ~]# netstat -an|grep "220.160.210.6"
tcp 0 17280 10.1.1.145:80 220.160.210.6:52787 ESTABLISHED
tcp 1 14401 10.1.1.145:80 220.160.210.6:52513 LAST_ACK
tcp 1 14401 10.1.1.145:80 220.160.210.6:52769 LAST_ACK
tcp 1 14401 10.1.1.145:80 220.160.210.6:52768 LAST_ACK
tcp 0 8184 10.1.1.145:80 220.160.210.6:52515 LAST_ACK
tcp 1 14401 10.1.1.145:80 220.160.210.6:52514 LAST_ACK
tcp 0 8184 10.1.1.145:80 220.160.210.6:52781 LAST_ACK
是TCP80端口的应用,调节一下nginx
的keepalive时间...
[root@ccsafe ~]# /usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
2008/10/21 19:15:31 [info] 21352#0: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
2008/10/21 19:15:31 [info] 21352#0: the configuration file /usr/local/nginx/conf/nginx.conf was tested successfully
[root@ccsafe ~]# ps aux|egrep '(PID|nginx)'
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 8290 0.0 0.0 7572 1124 ? Ss Oct04 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 8291 0.2 0.3 19704 13776 ? S Oct04 71:35 nginx: worker process
nobody 8292 0.3 0.2 17604 11680 ? S Oct04 77:26 nginx: worker process
nobody 8293 0.2 0.4 22528 16636 ? S Oct04 58:13 nginx: worker process
nobody 8294 0.3 0.4 24944 19020 ? S Oct04 94:07 nginx: worker process
nobody 8295 0.3 0.5 27496 21508 ? S Oct04 84:41 nginx: worker process
nobody 8296 0.3 0.1 13388 7496 ? S Oct04 84:14 nginx: worker process
nobody 8297 0.2 0.0 9196 3268 ? S Oct04 58:21 nginx: worker process
nobody 8298 0.3 0.2 15392 9504 ? S Oct04 75:16 nginx: worker process
root 21354 0.0 0.0 3896 720 pts/0 S+ 19:15 0:00 egrep (PID|nginx)
(动态加载新配置)
[root@ccsafe ~]# kill -HUP 8290
[root@ccsafe ~]#
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90 |sort |uniq -c
1 CLOSE_WAIT
1138 CLOSING
7161 ESTABLISHED
1427 FIN_WAIT1
396 FIN_WAIT2
5740 LAST_ACK
2 LISTEN
350 SYN_RECV
148 TIME_WAIT
...
[root@ccsafe ~]# netstat -ant|fgrep ":"|cut -b 77-90 |sort |uniq -c
1151 CLOSING
8506 ESTABLISHED
1452 FIN_WAIT1
666 FIN_WAIT2
6568 LAST_ACK
2 LISTEN
429 SYN_RECV
92 TIME_WAIT
...
LAST_ACK不下,而且CLOSING 和FIN_WAIT突增
着重看看可影响主动断开TCP连接时几个参数
tcp_keepalive_intvl:探测消息发送的频率
tcp_keepalive_probes:TCP发送keepalive探测以确定该连接已经断开的次数
tcp_keepalive_time:当keepalive打开的情况下,TCP发送keepalive消息的频率
[root@ccsafe ~]# sysctl -a|grep tcp_keepalive
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_keepalive_time = 160
tcp_retries2:在丢弃激活(已建立通讯状况)的TCP连接之前﹐需要进行多少次重试
[root@ccsafe ~]# sysctl -a |grep tcp_retries
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_retries1 = 3
加速处理那些等待ACK的LAST_ACK,减少等待ACK的LAST_ACK的重试次数
[root@ccsafe ~]# sysctl -w net.ipv4.tcp_retries2=5
net.ipv4.tcp_retries2 = 5
减少keepalive发送的频率
[root@ccsafe ~]# sysctl -w net.ipv4.tcp_keepalive_intvl=15
net.ipv4.tcp_keepalive_intvl = 15
[root@ccsafe ~]# sysctl -p
排除syncookies的影响
[root@ccsafe ~]# !ec
echo "0" >/proc/sys/net/ipv4/tcp_syncookies
[root@ccsafe ~]# echo "1" >/proc/sys/net/ipv4/tcp_syncookies
[root@ccsafe ~]# sysctl -a|grep tcp_keepalive
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_keepalive_time = 160
[root@ccsafe ~]# sysctl -a|grep syncookies
net.ipv4.tcp_syncookies = 1
延长keepalive检测周期,保留ESTABLISHED数量
[root@ccsafe ~]# echo "1800" >/proc/sys/net/ipv4/tcp_keepalive_time
[root@ccsafe ~]# echo "5" >/proc/sys/net/ipv4/tcp_keepalive_probes
[root@ccsafe ~]# echo "15" >/proc/sys/net/ipv4/tcp_keepalive_intvl
[root@ccsafe ~]# sysctl -a|grep tcp_keepalive
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_time = 1800
[root@ccsafe ~]# !wat
watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
1 CLOSE_WAIT
363 CLOSING
5145 ESTABLISHED
1073 FIN_WAIT1
174 FIN_WAIT2
6042 LAST_ACK
2 LISTEN
301 SYN_RECV
85 TIME_WAIT
LAST_ACK不下,但是CLOSING有所回落
tcp_orphan_retries:在近端丢弃TCP连接之前﹐要进行多少次重试。
[root@ccsafe ~]# sysctl -a|grep tcp_orphan
net.ipv4.tcp_orphan_retries = 0
关键,丢TCP太频繁了,以至于后勤都跟不上。设置
丢弃之前的重试次数
[root@ccsafe ~]# echo "3" >/proc/sys/net/ipv4/tcp_orphan_retries
[root@ccsafe ~]# !wat
watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
1 CLOSE_WAIT
24 CLOSING
5422 ESTABLISHED
279 FIN_WAIT1
214 FIN_WAIT2
1966 LAST_ACK
2 LISTEN
269 SYN_RECV
74 TIME_WAIT
上下调节该值,找个合适的临界点
[root@ccsafe ~]# echo "7" >/proc/sys/net/ipv4/tcp_orphan_retries
[root@ccsafe ~]# !wat
watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
1 CLOSE_WAIT
175 CLOSING
5373 ESTABLISHED
436 FIN_WAIT1
209 FIN_WAIT2
3184 LAST_ACK
2 LISTEN
283 SYN_RECV
110 TIME_WAIT
恢复,同时FIN_WAIT1的值过高。考虑减少tcp_fin_timeout时间
[root@ccsafe ~]# echo "2" >/proc/sys/net/ipv4/tcp_orphan_retries
[root@ccsafe ~]# sysctl -a|grep tcp_fin
net.ipv4.tcp_fin_timeout = 10
[root@ccsafe ~]# echo "5" >/proc/sys/net/ipv4/tcp_fin_timeout
[root@ccsafe ~]# !wat
watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
2 CLOSE_WAIT
17 CLOSING
5665 ESTABLISHED
145 FIN_WAIT1
141 FIN_WAIT2
1068 LAST_ACK
2 LISTEN
287 SYN_RECV
68 TIME_WAIT
相比FIN_WAIT,SYN_RECV的值偏高。加大发送synack的质量
[root@ccsafe ~]# sysctl -a|grep synack
net.ipv4.tcp_synack_retries = 1
[root@ccsafe ~]# echo "2" >/proc/sys/net/ipv4/tcp_synack_retries
[root@ccsafe ~]# !wat
watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
3 CLOSE_WAIT
16 CLOSING
5317 ESTABLISHED
200 FIN_WAIT1
158 FIN_WAIT2
1001 LAST_ACK
2 LISTEN
303 SYN_RECV
78 TIME_WAIT
[root@ccsafe ~]# sysctl -a|grep keepalive
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_time = 1800
[root@ccsafe ~]# watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
1 CLOSE_WAIT
7 CLOSING
5356 ESTABLISHED
175 FIN_WAIT1
136 FIN_WAIT2
1045 LAST_ACK
2 LISTEN
345 SYN_RECV
64 TIME_WAIT
减少keepalive的检测周期,LAST_ACK上升
[root@ccsafe ~]# echo "10" >/proc/sys/net/ipv4/tcp_keepalive_intvl
[root@ccsafe ~]# echo "1" >/proc/sys/net/ipv4/tcp_synack_retries
[root@ccsafe ~]# !wat
watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
1 CLOSE_WAIT
13 CLOSING
5605 ESTABLISHED
212 FIN_WAIT1
131 FIN_WAIT2
1143 LAST_ACK
2 LISTEN
252 SYN_RECV
79 TIME_WAIT
恢复
[root@ccsafe ~]# echo "15" >/proc/sys/net/ipv4/tcp_keepalive_intvl
[root@ccsafe ~]# watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
3 CLOSE_WAIT
14 CLOSING
5862 ESTABLISHED
230 FIN_WAIT1
205 FIN_WAIT2
1064 LAST_ACK
2 LISTEN
244 SYN_RECV
59 TIME_WAIT
[root@ccsafe ~]# watch -n 10 "netstat -ant|fgrep ":"|cut -b 77-90|sort |uniq -c"
Every 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c
3 CLOSE_WAIT
26 CLOSING
6712 ESTABLISHED
270 FIN_WAIT1
230 FIN_WAIT2
994 LAST_ACK
2 LISTEN
254 SYN_RECV
73 TIME_WAIT
[root@ccsafe ~]#
目前LAST_ACK占ESTABLISHED的量在15%左右
发表评论
-
linux 常见错误解决方法
2010-12-27 11:20 400010、pam 11、拒绝ssh登录(用户)a./etc/s ... -
理解 Linux 配置文件
2010-09-29 16:03 1435介绍 每个 Linux 程序都是一个可执行文件,它含 ... -
linux iscsi initiator 安装配置
2010-06-24 15:28 4348实现环境:vmware workstation, ... -
iscsi配置
2010-06-17 16:31 19791 指定连接iSCSI的前兆网口IP, 与IP-SAN的端口 ... -
Linux 2.6.31内核优化-2
2010-03-24 14:43 2445Device Drivers ---> Gene ... -
Linux 2.6.31内核优化-1
2010-03-24 14:42 3130介绍 本文档是一篇关于Linux Kernel 2.6. ... -
solaris 常用检查系统命令
2010-03-10 15:57 2375/usr/platform/sun4u/sbin/prt ... -
vsftpd配置文件
2010-02-09 16:23 1492vsftpd配置文件采用“#” ... -
solaris10 xmanager登录
2010-01-29 10:48 10061. 关闭默认的cde服务 ... -
ubuntu美化grub
2009-12-24 16:44 933安装grub-splashimages,只是集成了一套 ... -
linux内核参数
2009-12-21 15:58 1207以下是内核的主要配置 ... -
Consistent Non-Locking Reads 与Locking Reads的区别
2009-11-30 09:08 982一直以来,都认为mysql 在普通的select下会根据主键 ... -
阵列Lun
2009-11-10 11:26 1190a、lun的概念 lun的全称是logical ... -
TAR命令参数详解
2009-11-05 09:58 2837tar 程序用于储存或展开 tar 存档文件。存档文件可放在磁 ... -
linux下无法在分区中创建新文件问题
2009-10-20 09:13 2875linux下无法在分区中创建新文件问题 故障现象: ... -
vim使用技巧
2009-10-09 14:09 2154读本文之前请注意: 1. 本文的目标是提供一些vim的使用技 ... -
基于linux构建一个多功能(防火墙/防毒墙/进出邮件扫描/GFW穿越)透明网关
2009-09-27 09:07 997基于linux 构建一个全功能(防火墙/防毒墙/进出邮件 ... -
Rhythmbox, Totem 不支持 mp3的解决办法
2009-09-08 11:01 1358为什么 Linux 不支持 mp3 呢?这个问题在 Linux ... -
LEMP构建高性能WEB服务器
2009-08-24 13:39 1127平台搭建环境 : CentOS5.2 32/x86_6 ... -
linux下安装fetion(飞信)
2009-08-18 10:55 27391.先去 http://www.libfetio ...
相关推荐
当离线成员重新上线后,系统会根据其last_ack_msgid拉取所有未读消息,并更新其last_ack_msgid。 #### 六、结论 通过对不同存储策略的对比分析可以看出,单份存储策略具有明显的优势。它不仅降低了存储成本,还...
4. 被动方调用close或shutdown发送FIN,进入LAST_ACK状态。 5. 主动方收到FIN,发送ACK,进入TIME_WAIT状态,等待一段时间确保被动方收到ACK后关闭连接。 6. 被动方收到ACK,连接关闭。 TIME_WAIT状态常常成为优化...
1. 连接状态:监控TCP连接的状态,包括LISTEN(监听)、SYN_SENT(已发送SYN)、SYN_RECV(已接收SYN)、ESTABLISHED(已建立)、FIN_WAIT_1、FIN_WAIT_2、CLOSE_WAIT、CLOSING、LAST_ACK、TIME_WAIT等。这些状态有...
(3)第三次挥手:服务器发送自己的FIN包,表示自己不再发送数据,进入LAST_ACK状态。 (4)第四次挥手:客户端收到服务器的FIN包后,发送ACK包,确认号为服务器的序列号加1,进入TIME_WAIT状态,等待一段时间以确保...
2. TCP连接的状态:TCP连接有多种状态,包括SYN_SENT(同步发送)、SYN_RECEIVED(同步接收)、ESTABLISHED(已建立)、FIN_WAIT1、FIN_WAIT2、CLOSE_WAIT、CLOSING、LAST_ACK、TIME_WAIT等。这些状态反映了连接的...
- **三次握手**:SYN(同步序列编号)、SYN+ACK(同步确认)和ACK(确认)构成了TCP连接的建立过程。 - **四次挥手**:FIN(结束)和ACK用于关闭连接,确保双方都已完成数据传输。 6. **TCP拥塞控制** Linux TCP...
3. **TCP状态转换**:TCP连接经历CLOSED、LISTEN、SYN_SENT、SYN_RECEIVED、ESTABLISHED、FIN_WAIT_1、FIN_WAIT_2、CLOSE_WAIT、CLOSING、LAST_ACK和TIME_WAIT等状态。 4. **流量控制**:TCP通过滑动窗口机制实现...
Wireshark还提供了流跟踪功能,如"Follow TCP Stream"或"Follow UDP Stream",能够帮助我们追踪特定的数据流,以便于在大量数据包中找出感兴趣的通信过程。此外,通过“Statistics”菜单,可以获取数据包的摘要信息...
- **LAST_ACK**:等待最后一个ACK报文段的发送。 - **应用场景**:通过这些状态的统计,我们可以更深入地理解Apache服务器当前的工作状态及其对系统资源的影响。例如,大量的**TIME_WAIT**状态可能表明服务器面临...
- **分析工具**:使用专门的日志分析工具来提高效率。 #### 知识点二十五:故障检测与恢复 - **故障检测**:及时发现并报告系统故障是保证服务质量的关键。 - **自动恢复**:实现自动化故障恢复机制,减少人为干预...