Large Numbers of TIME_WAIT Connections on a Linux Server

First, check the current values of the following settings:

cat /proc/sys/net/ipv4/tcp_syncookies
cat /proc/sys/net/ipv4/tcp_timestamps
cat /proc/sys/net/ipv4/tcp_tw_reuse
cat /proc/sys/net/ipv4/tcp_tw_recycle
cat /proc/sys/net/ipv4/tcp_fin_timeout

Edit the /etc/sysctl.conf file:

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_keepalive_time = 1800

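Enabling TCP SYN cookies (tcp_syncookies) keeps a socket from being overloaded when too many connection attempts arrive.
Enabling net.ipv4.tcp_tw_reuse allows sockets in the TIME-WAIT state (ports held in TIME-WAIT) to be used for new TCP connections.
Fast recycling of TIME_WAIT sockets is enabled with net.ipv4.tcp_tw_recycle. Because it makes its decision based on timestamps, TCP timestamps (tcp_timestamps) must be enabled for it to take effect.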

Apply the configuration:

sysctl -p
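
The check step above can be scripted together with a count of TIME_WAIT sockets. This is an added example, not part of the original page: it compares the running values with the ones listed for /etc/sysctl.conf, reports keys the kernel does not provide (tcp_tw_recycle was removed in Linux 4.12), and counts TIME_WAIT rows in /proc/net/tcp. The function names, their ROOT/FILE arguments and the sample data are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page. The ROOT and FILE arguments are
# this example's own, so the functions can run against constructed data.

# Values the page writes to /etc/sysctl.conf.
WANTED="tcp_syncookies=1 tcp_timestamps=1 tcp_tw_reuse=1 tcp_tw_recycle=1
tcp_fin_timeout=20 tcp_keepalive_time=1800"

# audit_sysctl [ROOT]: one line per key: ok / differs / missing. "missing"
# means the running kernel has no such key (tcp_tw_recycle on Linux 4.12+).
audit_sysctl() {
    root=${1:-/proc/sys}
    for kv in $WANTED; do
        key=${kv%%=*}; want=${kv#*=}; f="$root/net/ipv4/$key"
        if [ ! -r "$f" ]; then echo "missing net.ipv4.$key"; continue; fi
        have=$(tr -d ' \t\n' < "$f")
        if [ "$have" = "$want" ]; then echo "ok net.ipv4.$key=$have"
        else echo "differs net.ipv4.$key=$have want=$want"; fi
    done
}

# count_time_wait [FILE...]: count rows whose "st" column is 06 (TIME_WAIT)
# in /proc/net/tcp-format tables.
count_time_wait() {
    [ $# -gt 0 ] || set -- /proc/net/tcp /proc/net/tcp6
    cat "$@" 2>/dev/null | awk '$1 ~ /^[0-9]+:$/ && $4 == "06" { n++ } END { print n + 0 }'
}

# make_sample DIR: constructed data shaped like a kernel without tcp_tw_recycle.
make_sample() {
    mkdir -p "$1/net/ipv4"
    for s in tcp_syncookies=1 tcp_timestamps=1 tcp_tw_reuse=0 \
             tcp_fin_timeout=60 tcp_keepalive_time=7200; do
        echo "${s#*=}" > "$1/net/ipv4/${s%%=*}"
    done
    printf '%s\n' \
        '  sl  local_address rem_address   st tx_queue rx_queue' \
        '   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000' \
        '   1: 0100007F:1F90 0100007F:C350 06 00000000:00000000' \
        '   2: 0100007F:1F90 0100007F:C351 06 00000000:00000000' > "$1/tcp"
}

d=$(mktemp -d) && make_sample "$d"
audit_sysctl "$d"
echo "TIME_WAIT sockets: $(count_time_wait "$d/tcp")"
rm -rf "$d"
```

Called without arguments, audit_sysctl and count_time_wait read the live /proc/sys and /proc/net/tcp tables. On kernels that still provide tcp_tw_recycle, its per-host timestamp check is known to drop new connections from clients that share one address behind NAT.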