In Linux kernels, TCP/IP connections remain in the TIME-WAIT state for 60 seconds. You cannot change the period of time in which TCP/IP connections remain in the TIME-WAIT state. However, in specific scenarios, such as scenarios in which TCP workloads are heavy, you need to shorten the period of time to improve network performance and resource utilization. Alibaba Cloud Linux 2 starting with kernel version 4.19.43-13.al7 and Alibaba Cloud Linux 3 provide a kernel interface that you can use to change the period of time during which a TCP connection remains in the TIME-WAIT state.
Background information
TIME-WAIT is a transitional state of sockets in the TCP/IP stack. After an application closes sockets, the sockets stay in the TIME-WAIT state and remain open for 60 seconds to ensure complete server-client data transmission. If a large number of TCP connections are in the TIME-WAIT state, network performance may be compromised. Alibaba Cloud Linux provides a kernel interface that is used to change the TCP TIME-WAIT timeout to improve network performance in specific scenarios, such as high-concurrency scenarios. The TCP TIME-WAIT timeout indicates the period of time during which a TCP connection remains in the TIME-WAIT state. The value of the kernel interface ranges from 1 to 600. Unit: seconds.
Usage notes
A TCP TIME-WAIT timeout of less than 60 seconds may violate the TCP/IP quiet time restriction and cause old data to be accepted as new data or cause duplicated new data to be rejected as old data. We recommend that you change the TCP TIME-WAIT timeout based on the advice of Alibaba Cloud technicians. For information about the TCP/IP quiet time, see IETF RFC 793.
Configuration methods
You can use one of the following methods to change the TCP TIME-WAIT timeout. In the commands used in the methods, replace [$TIME_VALUE] with a value to change the TCP TIME-WAIT timeout.
When you change the TCP TIME-WAIT timeout ([$TIME_VALUE]), your business may become unavailable or may be interrupted. We recommend that you perform this operation during off-peak hours.
Run the
sysctlcommand to change the TCP TIME-WAIT timeout. If you change the TCP TIME-WAIT timeout by using this method, the change immediately takes effect but cannot persist.sudo sysctl -w "net.ipv4.tcp_tw_timeout=[$TIME_VALUE]"Run the
echocommand to change the TCP TIME-WAIT timeout in the/proc/sys/net/ipv4/tcp_tw_timeoutinterface. If you change the TCP TIME-WAIT timeout by using this method, the change immediately takes effect but cannot persist.sudo sh -c "echo [$TIME_VALUE] > /proc/sys/net/ipv4/tcp_tw_timeout"Modify the
/etc/sysctl.conffile to change the value of thenet.ipv4.tcp_tw_timeoutparameter. If you change the TCP TIME-WAIT timeout by using this method, the change immediately takes effect and can persist. The change remains in effect even after the system restarts. Perform the following operations:Run the following command to open the sysctl.conf file:
sudo vim /etc/sysctl.confPress the I key to enter Insert mode. Add or modify the following line at the end of the file:
net.ipv4.tcp_tw_timeout = [$TIME_VALUE]Press the
Esckey, enter:wq, and then press theEnterkey to save the change and close the file.Run the following command for the change to take effect:
sudo sysctl -pRun the following command to obtain the current value of the net.ipv4.tcp_tw_timeout parameter:
sysctl net.ipv4.tcp_tw_timeout
You can run the netstat -ant | grep TIME_WAIT | wc -l command to check whether a large number of short-lived connections exist on the server.
If a large number of short-lived connections exist, such as when a layer-7 proxy is configured for NGINX, we recommend that you replace [$TIME_VALUE] with 5 to set the TCP TIME-WAIT timeout to 5 seconds.