我在这里问了几个问题,得到了一些很好的答复。我仍然面临一些与 ipconntrac 和防火墙连接有关的问题。
我正在寻找一些在 ubuntu 10.10 64 位机器上应遵循的指导和步骤,以确保减少 ipconntrack 和 time_wait 的问题,并且服务器开始表现得更好、更可靠。
答案1
/proc/sys/net/ipv4 下有文件
tcp_fin_timeout:
The tcp_fin_timeout variable tells kernel how long to keep sockets in the state FIN-WAIT-2 if you were the one closing the socket. This is used if the other peer is broken for some reason and don't close its side, or the other peer may even crash unexpectedly. Each socket left in memory takes approximately 1.5Kb of memory, and hence this may eat a lot of memory if you have a moderate webserver or something alike.
This value takes an integer value which is per default set to 60 seconds.
tcp_keepalive_time:
The tcp_keepalive_time variable tells the TCP/IP stack how often to send TCP keepalive packets to keep an connection alive if it is currently unused. This value is only used when keepalive is enabled.
tcp_max_orphans:
The tcp_max_orphans variable tells the kernel how many TCP sockets that are not attached to any user file handle to maintain. In case this number is exceeded, orphaned connections are immediately reset and a warning is printed.