当许多客户端位于 NAT 之后时,Web 服务器会随机超时

当许多客户端位于 NAT 之后时,Web 服务器会随机超时

我的 Ubuntu 14.04 网络服务器有问题。我们公司正在开发一款应用,这款应用通过发送 HTTP 请求来访问网络服务器。问题是,当许多 PC 或设备以某种方式连接到网络服务器时,我们的 LAN 中会出现奇怪的随机超时。我们位于路由器/NAT 后面。通过 4G 访问网络服务器完全没问题,不会超时,永远不会。设置确实很有帮助net.ipv4.tcp_timestamps = 0/etc/sysctl.conf这大大减少了超时。但有时仍然会出现超时和/或与服务器的连接速度很慢。我认为速度缓慢是因为数据包丢失或数据包无法正确传送,我不知道。

该服务器具有 32GB RAM、Intel Xeon D-1540(8 核)。它运行的是 NginX 1.10 和 PHP-FPM 7.1

有人能提示一下特殊设置或者我可以尝试找到解决方案吗?

这是我的完整sysctl.conf

fs.file-max = 2097152

# Do less swapping
vm.swappiness = 10
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2

### GENERAL NETWORK SECURITY OPTIONS ###

# Number of times SYNACKs for passive TCP connection.
net.ipv4.tcp_synack_retries = 2

# Allowed local port range
net.ipv4.ip_local_port_range = 2000 65535

# Protect Against TCP Time-Wait
net.ipv4.tcp_rfc1337 = 1

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for connections to keep alive
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15

### TUNING NETWORK PERFORMANCE ###

#Helped a lot by reducing the timeouts
net.ipv4.tcp_timestamps = 0

# Default Socket Receive Buffer
net.core.rmem_default = 31457280

# Maximum Socket Receive Buffer
net.core.rmem_max = 12582912

# Default Socket Send Buffer
net.core.wmem_default = 31457280

# Maximum Socket Send Buffer
net.core.wmem_max = 12582912

# Increase number of incoming connections
net.core.somaxconn = 50000

# Increase number of incoming connections backlog
net.core.netdev_max_backlog = 65536

# Increase the maximum amount of option memory buffers
net.core.optmem_max = 25165824

# Increase the maximum total buffer-space allocatable
# This is measured in units of pages (4096 bytes)
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144

# Increase the read-buffer space allocatable
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384

# Increase the write-buffer-space allocatable
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384

# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1

# Disable TCP slow start on idle connections
net.ipv4.tcp_slow_start_after_idle = 0

NginX 配置(摘录):

events {
        worker_connections 4096;
        multi_accept on;
        use epoll;
}

http {

        client_body_buffer_size 10K;
        client_header_buffer_size 1k;
        client_max_body_size 8m;
        large_client_header_buffers 4 16k;

        client_body_timeout 12;
        client_header_timeout 12;
        keepalive_timeout 0;
        send_timeout 10;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        types_hash_max_size 2048;

}

答案1

如果有多个用户通过 NAT 设备连接到此 Web 服务器,则net.ipv4.tcp_tw_recycle = 1 将要给您带来问题。

请参见这里了解该问题的详细描述。

当远程主机实际上是 NAT 设备时,时间戳条件将禁止除 NAT 设备后面的主机之外的所有主机在一分钟内进行连接,因为它们不共享相同的时间戳时钟。如有疑问,最好禁用此选项,因为它会导致难以检测和诊断的问题。

相关内容