Alibaba Cloud Linux: Change the TCP TIME-WAIT timeout to improve network performance

Last Updated: Jul 17, 2024

In Linux kernels, TCP/IP connections remain in the TIME-WAIT state for 60 seconds, and you cannot change this period. However, in specific scenarios, such as those in which TCP workloads are heavy, you need to shorten the period to improve network performance and resource utilization. Alibaba Cloud Linux 2 starting with kernel version 4.19.43-13.al7 and Alibaba Cloud Linux 3 provide a kernel interface that you can use to change how long a TCP connection remains in the TIME-WAIT state.

Background information

TIME-WAIT is a transitional state of sockets in the TCP/IP stack. After an application closes sockets, the sockets stay in the TIME-WAIT state and remain open for 60 seconds to ensure complete server-client data transmission. If a large number of TCP connections are in the TIME-WAIT state, network performance may be compromised. Alibaba Cloud Linux provides a kernel interface that is used to change the TCP TIME-WAIT timeout to improve network performance in specific scenarios, such as high-concurrency scenarios. The TCP TIME-WAIT timeout is the period of time during which a TCP connection remains in the TIME-WAIT state. Valid values for the kernel interface range from 1 to 600, in seconds.

Usage notes

A TCP TIME-WAIT timeout of less than 60 seconds may violate the TCP/IP quiet time restriction and cause old data to be accepted as new data or cause duplicated new data to be rejected as old data. We recommend that you change the TCP TIME-WAIT timeout based on the advice of Alibaba Cloud technicians. For information about the TCP/IP quiet time, see IETF RFC 793.

Configuration methods

You can use one of the following methods to change the TCP TIME-WAIT timeout. In the commands used in the methods, replace [$TIME_VALUE] with the timeout value that you want to set.

Warning

When you change the TCP TIME-WAIT timeout ([$TIME_VALUE]), your business may become unavailable or may be interrupted. We recommend that you perform this operation during off-peak hours.

  • Run the sysctl command to change the TCP TIME-WAIT timeout. If you change the TCP TIME-WAIT timeout by using this method, the change takes effect immediately but does not persist.

    sudo sysctl -w "net.ipv4.tcp_tw_timeout=[$TIME_VALUE]"
  • Run the echo command to write the TCP TIME-WAIT timeout to the /proc/sys/net/ipv4/tcp_tw_timeout interface. If you change the TCP TIME-WAIT timeout by using this method, the change takes effect immediately but does not persist.

    sudo sh -c "echo [$TIME_VALUE] > /proc/sys/net/ipv4/tcp_tw_timeout"
  • Modify the /etc/sysctl.conf file to change the value of the net.ipv4.tcp_tw_timeout parameter. If you change the TCP TIME-WAIT timeout by using this method, the change immediately takes effect and can persist. The change remains in effect even after the system restarts. Perform the following operations:

    1. Run the following command to open the sysctl.conf file:

      sudo vim /etc/sysctl.conf
    2. Press the I key to enter Insert mode. Add or modify the following line at the end of the file:

      net.ipv4.tcp_tw_timeout = [$TIME_VALUE]
    3. Press the Esc key, enter :wq, and then press the Enter key to save the change and close the file.

    4. Run the following command for the change to take effect:

      sudo sysctl -p
    5. Run the following command to obtain the current value of the net.ipv4.tcp_tw_timeout parameter:

      sysctl net.ipv4.tcp_tw_timeout
Note

You can run the netstat -ant | grep TIME_WAIT | wc -l command to check whether a large number of short-lived connections exist on the server.

If a large number of short-lived connections exist, such as when a layer-7 proxy is configured for NGINX, we recommend that you replace [$TIME_VALUE] with 5 to set the TCP TIME-WAIT timeout to 5 seconds.
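
The following script is an added example, not part of the original Alibaba Cloud documentation. It runs the checks this page implies before a change: the value is validated against the documented 1 to 600 range, values below the 60-second default are flagged, and TIME-WAIT sockets are counted from /proc/net/tcp-format input. The function names and the sample socket table are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-change checks for net.ipv4.tcp_tw_timeout (not vendor code).
TW_PROC=/proc/sys/net/ipv4/tcp_tw_timeout   # interface path named on this page

# Print "ok", "below-default" (valid but under 60 s) or "invalid"
# (not an integer in the documented 1-600 range; returns 1).
check_tw_value() {
    case "$1" in
        ''|*[!0-9]*|????*) echo invalid; return 1 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 600 ]; then echo invalid; return 1; fi
    if [ "$1" -lt 60 ]; then echo below-default; else echo ok; fi
}

# Count TIME-WAIT sockets in /proc/net/tcp-format input (state column "06").
# Reads the named files, or stdin when none are given.
count_time_wait() {
    awk 'FNR > 1 && $4 == "06" { n++ } END { print n + 0 }' "$@"
}

# Constructed sample in /proc/net/tcp layout: 1 LISTEN, 3 TIME-WAIT, 1 ESTABLISHED.
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:1F90 0100007F:C350 06 00000000:00000000 03:00000A2B 00000000     0        0 0 3
   2: 0100007F:1F90 0100007F:C351 06 00000000:00000000 03:00000A2C 00000000     0        0 0 3
   3: 0100007F:1F90 0100007F:C352 06 00000000:00000000 03:00000A2D 00000000     0        0 0 3
   4: 0100007F:1F90 0100007F:C353 01 00000000:00000000 00:00000000 00000000  1000        0 1002 1
EOF
}

# Validate the value, confirm the kernel exposes the interface, then print the
# current state and the command from this page. Nothing is changed.
plan_change() {
    verdict=$(check_tw_value "$1") || { echo "refusing: '$1' is not in 1-600" >&2; return 1; }
    if [ "$verdict" = below-default ]; then
        echo "note: $1 s is below the 60 s default (see the usage notes)" >&2
    fi
    [ -e "$TW_PROC" ] || { echo "no $TW_PROC on this kernel" >&2; return 2; }
    echo "current timeout: $(cat "$TW_PROC") s"
    echo "TIME-WAIT sockets (IPv4 table): $(count_time_wait /proc/net/tcp)"
    echo "to apply: sudo sysctl -w \"net.ipv4.tcp_tw_timeout=$1\""
}

if [ "$#" -gt 0 ]; then plan_change "$1"; fi
```

Run it with the intended value as the only argument, for example `sh check_tw.sh 5` (the file name is arbitrary); it prints the command to apply and changes nothing itself.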