In my current high concurrency project, the server no longer responds to any TCP syn requests, and the new client cannot intervene in the service. Before this state appears, the server has been optimized due to the increase in concurrency luminescence, mainly toTIME-WAIT sockets are reused for new TCP connections, optimized as follows:
1. Modify /ect/
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 5
2. Modify /etc/security/
* soft nofile 2000000
* hard nofile 2000000Therefore, it is suspected that there is a problem with these parameters of optimization. By checking the information,It is found that tcp_timestamps is enabled by default. If tcp_tw_recycle is set to 1, the timestamp in the socket connect request of the same source IP host within 60s must be incremented. That is to sayWhen the server opens tcp_tw_reccycle, it will check the timestamp. If the timestamp of the packet sent by the other party jumps randomly or the timestamp is lagging, the server will definitely not reply. Therefore, the server treats the packet with the "rewind" timestamp as "retransmitted data of the tw connection of the recycle, not a new request", so the packet is thrown away and the syn is not responding as mentioned.
Solution: Add the following line to the /etc/ file:
net.ipv4.tcp_timestamps=0