Overriding the default Linux kernel 20-second TCP socket connect timeout

Whatever language or client library you‘re using, you should be able to set the timeout on network socket operations, typically split into a connect timeout, read timeout, and write timeout.

However, although you should be able to make these timeouts as small as you want, the connect timeout in particular has an effective maximum value for any given kernel. Beyond this point, higher timeout values you might request will have no effect - connecting will still time out after a shorter time.

The reason TCP connects are special is that the establishment of a TCP connection has a special sequence of packets starting with a SYN packet. If no response is received to this initial SYN packet, the kernel needs to retry, which it may have to do a couple of times. All kernels I know of wait an increasing amount of time between sending SYN retries, to avoid flooding slow hosts.

All kernels put an upper limit on the number of times they will retry SYNs. On BSD-derived kernels, including Mac OS X, the standard pattern is that the second SYN will be second 6 seconds after the first, then a third SYN 18 seconds after that, then the connect times out after a total of around 75 seconds.

On Linux however, the default retry cycle ends after just 20 seconds. Linux does send SYN retries somewhat faster than BSD-derived kernels - Linux supposedly sends 5 SYNs in this 20 seconds, but this includes the original packet (the retries are after 3s, 6s, 12s, 24s).

The end result though is that if your application wants a connect timeout shorter than 20s, no problem, but if your application wants a connect timeout longer than 20s, you‘ll find that the default kernel configuration will effectively chop it back to 20s.

Changing this upper timeout limit is easy, though it requires you to change a system configuration parameter and so you will need to have root access to the box (or get the system administrators to agree to change it for you).

The relevant sysctl is tcp_syn_retries, which for IP v4 is net.ipv4.tcp_syn_retries.

Be conservative in choosing the value you change it to. Like BSD, the SYN retry delays increase in time (albeit doubling rather than tripling), so a relatively small increase in the number of retries leads to a large increase in the maximum connect timeout. In a perfect world, there would be no problem with having a very high timeout because applications‘ connect timeouts will come into play.

However, many applications do not set an explicit connect timeout, and so if you set the kernel to 10 minutes, you‘re probably going to find something hanging for ages sooner or later when a remote host goes down!

I recommend that you set it to a value of 6, 7, or at most 8. 6 gives an effective connect timeout ceiling of around 45 seconds, 7 gives around 90 seconds, and 8 gives around 190 seconds.

To change this in a running kernel, you can use the /proc interface:

# cat /proc/sys/net/ipv4/tcp_syn_retries
# echo 6 > /proc/sys/net/ipv4/tcp_syn_retries

Or use the sysctl command:

# sysctl net.ipv4.tcp_syn_retries
net.ipv4.tcp_syn_retries = 5
# sysctl -w net.ipv4.tcp_syn_retries=6
net.ipv4.tcp_syn_retries = 6

To make this value stick across reboots however you need to add it to /etc/sysctl.conf:

net.ipv4.tcp_syn_retries = 6

Most Linux installations support reading sysctls from files in /etc/sysctl.d, which is usually better practice as it makes it easier to administer upgrades, so I suggest you put it in a file there instead.

(I see no reason you‘d want to reduce this sysctl, but note that values of 4 or less all seem to be treated as 4 - total timeout 9s.)


时间: 01-05

Overriding the default Linux kernel 20-second TCP socket connect timeout的相关文章


设置tcp参数一定要小心谨慎,轻易不要更改线上环境,我贴一下我们线上环境中,sysctl.conf的内容,见文章底部 net.ipv4.tcp_tw_reuse    = 1 net.ipv4.tcp_tw_recycle  = 1 net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_keepalive_time = 1800 net.ipv4.tcp_max_syn_backlog = 4096 net.ipv4.tcp_syncookies = 1 www.

用qemu与gdb调试linux kernel tcp/ip协议栈

description 用gdb debug linux kernel容易吗?其实要走到这步真的不容易啊,其实也难道是不难,就是要知道的东西太多了.用gdb debug linux kernel 可以有2中方式:UML和qemu方式,这里主要说qemu,从源码编译安装qemu很费劲. 准备环境 linux OS: Debian7.5-i386(当时最新的Wheezy,装在VMware10上,我用的在线安装,安装后以text方式跑起来,我的笔记本配置资源有限!) root fs:Debian-Wh

Linux kernel 4.20 BPF 整数溢出漏洞分析

分析的代码为linux-4.20-rc3版本:https://elixir.bootlin.com/linux/v4.20-rc3/source.因为该漏洞影响`Linux Kernel 4.20rc1-4.20rc4`,主要Linux发行版并不受其影响. 一.简介 BPF的全称是Berkeley Packet Filter,字面意思意味着它是从包过滤而来,该模块主要就是用于用户态定义数据包过滤方法:从本质上我们可以把它看作是一种内核代码注入的技术,BPF最大的好处是它提供了一种在不修改内核代码

linux内核可以接受的参数 | Linux kernel启动参数 | 通过grub给内核传递参数

在Linux中,给kernel传递参数以控制其行为总共有三种方法: 1.build kernel之时的各个configuration选项. 2.当kernel启动之时,可以参数在kernel被GRUB或LILO等启动程序调用之时传递给kernel. 3.在kernel运行时,修改/proc或/sys目录下的文件. 这里我简单讲的就是第二种方式了,kernel在grub中配置的启动参数. 首先,kernel有哪些参数呢? 在linux的源代码中,有这样的一个文档Documentation/kern

Linux Kernel - Debug Guide (Linux内核调试指南 )

http://blog.csdn.net/blizmax6/article/details/6747601 linux内核调试指南 一些前言 作者前言 知识从哪里来 为什么撰写本文档 为什么需要汇编级调试 ***第一部分:基础知识*** 总纲:内核世界的陷阱 源码阅读的陷阱 代码调试的陷阱 原理理解的陷阱 建立调试环境 发行版的选择和安装 安装交叉编译工具 bin工具集的使用 qemu的使用 initrd.img的原理与制作 x86虚拟调试环境的建立 arm虚拟调试环境的建立 arm开发板调试环

linux kernel (proc文件系统)参数

http://blog.csdn.net/guowake/article/details/3279796 Linux Proc文件系统,通过对Proc文件系统进行调整,达到性能优化的目的. 二./proc/sys/kernel/优化1)     /proc/sys/kernel/ctrl-alt-del该文件有一个二进制值,该值控制系统在接收到ctrl+alt+delete按键组合时如何反应.这两个值分别是:零(0)值,表示捕获ctrl+alt+delete,并将其送至 init 程序:这将允许

the Linux Kernel: Traffic Control, Shaping and QoS

−Table of Contents Journey to the Center of the Linux Kernel: Traffic Control, Shaping and QoS 1 Introduction 2 Motivation 3 The basics of Traffic Control 3.1 First contact 3.2 Netfilter MARK 3.3 Two classes in a tree 3.4 Connecting the marks to the

ARM32 Linux kernel virtual address space

http://thinkiii.blogspot.jp/2014/02/arm32-linux-kernel-virtual-address-space.html The 32-bit ARM CPU can address up to 2^32 = 4GB address*. It's not big enough in present days, since the size of available DRAM on computing devices is growing fast and

Linux snacks from <linux kernel development>

introduction to the Linux kernel 1.operating system 1) considered the parts of the system 2) responsible for basic use and administration. 3) includes the kernel and device drivers, boot loader, command shell or other user interface, and basic file a