{"id":860,"date":"2026-04-18T13:27:52","date_gmt":"2026-04-18T05:27:52","guid":{"rendered":"https:\/\/www.liaoxinghui.com\/?p=860"},"modified":"2026-04-18T13:27:52","modified_gmt":"2026-04-18T05:27:52","slug":"linux-tcp-connection-limit-not-just-65535","status":"publish","type":"post","link":"https:\/\/www.liaoxinghui.com\/?p=860","title":{"rendered":"Linux\u6700\u5927TCP\u8fde\u63a5\u6570\uff1a\u4e0d\u662f65535\uff0c\u4f46\u4e5f\u4e0d\u662f\u4f60\u60f3\u8c61\u7684\u90a3\u6837"},"content":{"rendered":"<h1>Linux\u6700\u5927TCP\u8fde\u63a5\u6570\uff1a\u662f65535\uff1f<\/h1>\n<blockquote>\n<p><strong>\u6838\u5fc3\u7ed3\u8bba<\/strong>\uff1a\u5355\u673a\u80fd\u7ef4\u62a4\u7684TCP\u8fde\u63a5\u6570\u4ece\u6765\u5c31\u4e0d\u53d6\u51b3\u4e8e\u7aef\u53e3\u53f7\u3002\u771f\u6b63\u7684\u74f6\u9888\u53ef\u80fd\u5728\u6587\u4ef6\u63cf\u8ff0\u7b26\u4e0a\u9650\u3001\u4e34\u65f6\u7aef\u53e3\u8017\u5c3d\u3001\u5185\u5b58\u4e0d\u8db3\u6216\u5185\u6838\u53c2\u6570\u9650\u5236\u2014\u2014\u53d6\u51b3\u4e8e\u4f60\u7684\u4e1a\u52a1\u573a\u666f\u662f\u670d\u52a1\u7aef\u8fd8\u662f\u5ba2\u6237\u7aef\u3002<\/p>\n<\/blockquote>\n<h2>\u573a\u666f\u7ea6\u675f<\/h2>\n<p><strong>\u4e1a\u52a1\u80cc\u666f<\/strong>\uff1a\u67d0\u9ad8\u5e76\u53d1\u7f51\u5173\u670d\u52a1\u9700\u8981\u7ef4\u62a4\u5927\u91cf\u957f\u8fde\u63a5\u5230\u540e\u7aef\u670d\u52a1\uff0c\u5728\u538b\u6d4b\u8fc7\u7a0b\u4e2d\u8fde\u63a5\u6570\u8fbe\u5230\u67d0\u4e2a\u9608\u503c\u540e\u5f00\u59cb\u51fa\u73b0 <code>connect: cannot assign requested address<\/code> \u9519\u8bef\u3002<\/p>\n<p><strong>\u7cfb\u7edf\u7248\u672c<\/strong>\uff1aCentOS 7.9 \/ Linux 5.4 \u5185\u6838<\/p>\n<p><strong>\u9650\u5236\u6761\u4ef6<\/strong>\uff1a<\/p>\n<ul>\n<li>\u670d\u52a1\u8fd0\u884c\u5728\u5bb9\u5668\u73af\u5883\uff08Docker 20.10\uff09\u4e2d<\/li>\n<li>\u7f51\u5173\u670d\u52a1\u4f5c\u4e3a\u5ba2\u6237\u7aef\uff0c\u5411\u591a\u4e2a\u540e\u7aef\u670d\u52a1\u53d1\u8d77\u8fde\u63a5<\/li>\n<li>\u8fde\u63a5\u7c7b\u578b\u4e3aHTTP\/1.1\u77ed\u8fde\u63a5\uff0c\u538b\u6d4b\u5de5\u5177\u4e3awrk<\/li>\n<\/ul>\n<p><strong>\u5f71\u54cd\u9762<\/strong>\uff1a\u6240\u6709\u5230\u540e\u7aef\u670d\u52a1\u7684\u8bf7\u6c42\u5168\u90e8\u5931\u8d25\uff0c\u5f71\u54cd\u4e0b\u6e38\u6240\u6709\u4f9d\u8d56\u65b9<\/p>\n<h2>\u73b0\u8c61\u4e0e\u5173\u952e\u8bc1\u636e<\/h2>\n<h3>\u538b\u6d4b\u547d\u4ee4\u4e0e\u9519\u8bef\u65e5\u5fd7<\/h3>\n<pre><code class=\"lang-bash language-bash bash\"># \u4f7f\u7528wrk\u6a21\u62df\u5ba2\u6237\u7aef\u6301\u7eed\u52a0\u538b\nwrk -t4 -c2000 -d60s --latency http:\/\/backend-cluster:8080\/api<\/code><\/pre>\n<p>\u9519\u8bef\u65e5\u5fd7\u6a21\u5f0f\uff08\u6765\u81eanginx upstream\u914d\u7f6e\uff09\uff1a<\/p>\n<pre><code>2024\/11\/15 14:23:45 [error] 25671#25671: *1892344 connect() failed (99: Cannot assign requested address) \nwhile connecting to upstream, client: 10.0.1.100, server: 0.0.0.0:80<\/code><\/pre>\n<p><strong>\u5173\u952e\u8bc1\u636e<\/strong>\uff1a\u9519\u8bef\u7801\u662f <code>99<\/code>\uff08EADDRNOTAVAIL\uff09\uff0c\u4e0d\u662f <code>98<\/code>\uff08EADDRINUSE\uff09\u3002<\/p>\n<p>\u4e24\u8005\u542b\u4e49\u5b8c\u5168\u4e0d\u540c\uff1a<\/p>\n<ul>\n<li><code>EADDRINUSE (98)<\/code>\uff1a\u5730\u5740\u5df2\u88ab\u5360\u7528\uff0c\u4f60\u8bd5\u56febind\u7684\u7aef\u53e3\u5df2\u7ecf\u88ab\u4f7f\u7528<\/li>\n<li><code>EADDRNOTAVAIL (99)<\/code>\uff1a\u65e0\u6cd5\u5206\u914d\u5730\u5740\uff0c\u6ca1\u6709\u53ef\u7528\u7aef\u53e3\u53ef\u5206\u914d\u7ed9\u8fd9\u4e2a\u8fde\u63a5<\/li>\n<\/ul>\n<h3>\u7cfb\u7edf\u53c2\u6570\u5feb\u7167<\/h3>\n<pre><code class=\"lang-bash language-bash bash\"># \u6587\u4ef6\u63cf\u8ff0\u7b26\u72b6\u6001\n$ cat \/proc\/sys\/fs\/file-nr\n1344    0       8388608\n# \u683c\u5f0f\uff1a\u5df2\u5206\u914d\u6570 \/ \u5df2\u5206\u914d\u672a\u4f7f\u7528\u6570 \/ \u7cfb\u7edf\u6700\u5927\u503c\n\n# \u7528\u6237ulimit\n$ ulimit -n\n1024\n\n# \u7cfb\u7edf\u7ea7file-max\n$ cat \/proc\/sys\/fs\/file-max\n8388608\n\n# \u4e34\u65f6\u7aef\u53e3\u8303\u56f4\uff08\u5173\u952e\uff01\uff09\n$ sysctl net.ipv4.ip_local_port_range\nnet.ipv4.ip_local_port_range = 32768    60999\n# \u8ba1\u7b97\u53ef\u7528\u7aef\u53e3\u6570\uff1a60999 - 32768 + 1 = 28232\n\n# \u5f53\u524dTCP\u8fde\u63a5\u72b6\u6001\n$ ss -s\nTotal: 148 (kernel 1234)\nTCP:   142 (estab 50, closed 87, orphaned 0, synrecv 0, timewait 87)\n# \u53d1\u73b087\u4e2aTIME_WAIT\u8fde\u63a5\u5728\u5806\u79ef<\/code><\/pre>\n<h3>\u6392\u67e5\u8def\u5f84<\/h3>\n<h4>\u7b2c\u4e00\u5c42\uff1a\u6587\u4ef6\u63cf\u8ff0\u7b26\u662f\u5426\u8017\u5c3d<\/h4>\n<p><strong>\u6280\u672f\u5224\u65ad<\/strong>\uff1a\u5982\u679c <code>ulimit -n<\/code> \u53ea\u67091024\uff0c\u90a3\u5355\u4e2a\u8fdb\u7a0b\u6700\u591a\u53ea\u80fd\u6253\u5f001024\u4e2a\u8fde\u63a5\u3002\u4f46\u89c2\u5bdf\u5f53\u524d <code>file-nr<\/code> \u663e\u793a\u53ea\u7528\u4e861344\uff0c\u6240\u4ee5\u8fd9\u91cc\u4e0d\u662f\u74f6\u9888\u3002<\/p>\n<pre><code class=\"lang-bash language-bash bash\"># \u9a8c\u8bc1\u5355\u8fdb\u7a0bfd\u4f7f\u7528\n$ ls \/proc\/$(pgrep -f nginx)\/fd | wc -l\n248<\/code><\/pre>\n<h4>\u7b2c\u4e8c\u5c42\uff1a\u4e34\u65f6\u7aef\u53e3\u8303\u56f4\uff08\u8fd9\u91cc\u662f\u771f\u6b63\u7684\u74f6\u9888\uff09<\/h4>\n<p><strong>\u6280\u672f\u5224\u65ad<\/strong>\uff1a\u670d\u52a1\u7aef\u76d1\u542c <code>0.0.0.0:80<\/code> \u65f6\uff0c\u6bcf\u4e2a\u8fde\u63a5\u5360\u7528\u4e00\u4e2a\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u4e0d\u53d7\u7aef\u53e3\u6570\u91cf\u9650\u5236\u3002\u4f46\u7f51\u5173\u4f5c\u4e3a\u5ba2\u6237\u7aef\u53d1\u8d77\u8fde\u63a5\u65f6\uff0c\u6bcf\u4e2a\u8fde\u63a5\u9700\u8981\u4e00\u4e2a\u4e34\u65f6\u6e90\u7aef\u53e3\u3002<\/p>\n<pre><code class=\"lang-bash language-bash bash\"># \u67e5\u770b\u8fde\u63a5\u5230\u540c\u4e00\u4e2a\u540e\u7aefIP:Port\u7684\u8fde\u63a5\u6570\n$ ss -ant | awk &#039;{print $4, $5}&#039; | grep &#039;:8080&#039; | wc -l\n28000+\n\n# \u67e5\u770b\u53ef\u7528\u4e34\u65f6\u7aef\u53e3\n$ sysctl net.ipv4.ip_local_port_range\nnet.ipv4.ip_local_port_range = 32768    60999<\/code><\/pre>\n<p>\u5f53\u8fde\u63a5\u6570\u8d85\u8fc728232\u65f6\uff0c\u7cfb\u7edf\u65e0\u6cd5\u5206\u914d\u65b0\u7684\u4e34\u65f6\u7aef\u53e3\uff0c\u89e6\u53d1 EADDRNOTAVAIL\u3002<\/p>\n<h2>\u65b9\u6848\u53d6\u820d<\/h2>\n<h3>\u65b9\u6848\u4e00\uff1a\u6269\u5c55\u4e34\u65f6\u7aef\u53e3\u8303\u56f4<\/h3>\n<pre><code class=\"lang-bash language-bash bash\"># \u4e34\u65f6\u751f\u6548\nsysctl -w net.ipv4.ip_local_port_range=&quot;1024 65535&quot;\n\n# \u6c38\u4e45\u751f\u6548\necho &quot;net.ipv4.ip_local_port_range = 1024 65535&quot; &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n<p><strong>\u4f18\u70b9<\/strong>\uff1a\u7acb\u5373\u751f\u6548\uff0c\u65e0\u9700\u4fee\u6539\u5e94\u7528\u4ee3\u7801\n<strong>\u7f3a\u70b9<\/strong>\uff1a\u4f1a\u6d88\u8017\u66f4\u591a\u7aef\u53e3\u8d44\u6e90\uff0c\u53ef\u80fd\u4e0e\u5176\u4ed6\u670d\u52a1\u51b2\u7a81<\/p>\n<h3>\u65b9\u6848\u4e8c\uff1a\u542f\u7528TIME_WAIT\u7aef\u53e3\u91cd\u7528<\/h3>\n<pre><code class=\"lang-bash language-bash bash\"># \u5141\u8bb8\u91cd\u7528TIME_WAIT\u72b6\u6001\u7684\u7aef\u53e3\nsysctl -w net.ipv4.tcp_tw_reuse=1\n\n# \u7f29\u77edFIN_WAIT_2\u8d85\u65f6\nsysctl -w net.ipv4.tcp_fin_timeout=15<\/code><\/pre>\n<p><strong>\u4e3a\u4ec0\u4e48\u4e0d\u63a8\u8350 tw_recycle<\/strong>\uff1a\u5b83\u4f9d\u8d56\u65f6\u95f4\u6233\u9009\u9879\uff0c\u5728NAT\/LB\u73af\u5883\u4e0b\u4f1a\u5bfc\u81f4\u90e8\u5206\u5ba2\u6237\u7aef\u8fde\u63a5\u5f02\u5e38\u91cd\u5efa\u3002\u8fd9\u4e2a\u53c2\u6570\u5728Linux 4.12\u540e\u5df2\u88ab\u79fb\u9664\uff0c\u4f46\u5728\u65e7\u7cfb\u7edf\u4e0a\u4ecd\u9700\u6ce8\u610f\u3002<\/p>\n<h3>\u65b9\u6848\u4e09\uff1a\u8c03\u6574\u6587\u4ef6\u63cf\u8ff0\u7b26\u4e0a\u9650<\/h3>\n<pre><code class=\"lang-bash language-bash bash\"># \u8c03\u6574\u7528\u6237\u7ea7ulimit\uff08\u4e34\u65f6\uff09\nulimit -n 1000000\n\n# \u8c03\u6574\u7cfb\u7edf\u7ea7nr_open\uff08\u5fc5\u987b\u5927\u4e8eulimit\uff09\nsysctl -w fs.nr_open=1100000\n\n# \u6c38\u4e45\u914d\u7f6e\ncat &gt;&gt; \/etc\/security\/limits.conf &lt;&lt; &#039;EOF&#039;\n*    soft    nofile    1000000\n*    hard    nofile    1000000\nEOF<\/code><\/pre>\n<p><strong>\u4e3a\u4ec0\u4e48\u4e0d\u53ea\u8c03ulimit<\/strong>\uff1a\u5982\u679c\u4e0d\u8c03 <code>fs.nr_open<\/code>\uff0culimit\u8bbe\u7f6e\u8fc7\u5927\u4f1a\u62a5\u9519\u3002<\/p>\n<pre><code class=\"lang-bash language-bash bash\">$ ulimit -n 10000000\n-bash: ulimit: open files: cannot modify limit: Operation not permitted<\/code><\/pre>\n<h3>\u6700\u7ec8\u9009\u62e9\uff1a\u7ec4\u5408\u65b9\u6848<\/h3>\n<p>\u9488\u5bf9\u9ad8\u5e76\u53d1\u7f51\u5173\u670d\u52a1\uff08\u5ba2\u6237\u7aef\u89d2\u8272\uff09\uff0c\u6211\u63a8\u8350\u4ee5\u4e0b\u7ec4\u5408\u914d\u7f6e\uff1a<\/p>\n<pre><code class=\"lang-bash language-bash bash\"># \/etc\/sysctl.conf\nfs.file-max = 2000000\nfs.nr_open = 2000000\nnet.ipv4.ip_local_port_range = 1024 65535\nnet.ipv4.tcp_tw_reuse = 1\nnet.ipv4.tcp_fin_timeout = 15\nnet.ipv4.tcp_syncookies = 1\nnet.ipv4.tcp_max_syn_backlog = 8192\nnet.netfilter.nf_conntrack_max = 1048576<\/code><\/pre>\n<p><strong>\u53d6\u820d\u7406\u7531<\/strong>\uff1a<\/p>\n<ol>\n<li>\u6269\u5c55 <code>ip_local_port_range<\/code> \u662f\u89e3\u51b3\u5ba2\u6237\u7aef\u7aef\u53e3\u8017\u5c3d\u7684\u76f4\u63a5\u624b\u6bb5<\/li>\n<li><code>tcp_tw_reuse<\/code> \u52a0\u901fTIME_WAIT\u56de\u6536\uff0c\u589e\u52a0\u53ef\u7528\u7aef\u53e3\u5468\u8f6c\u7387<\/li>\n<li>\u63d0\u9ad8 <code>fs.nr_open<\/code> \u786e\u4fddulimit\u80fd\u8bbe\u7f6e\u5230\u8db3\u591f\u9ad8<\/li>\n<li>\u4fdd\u7559 <code>nf_conntrack_max<\/code> \u4ee5\u9632iptables\u89c4\u5219\u5f71\u54cd\u6027\u80fd<\/li>\n<\/ol>\n<h2>\u5b9e\u65bd\u65b9\u6848\u4e0e\u9a8c\u8bc1\u7ed3\u8bba<\/h2>\n<h3>\u5b9e\u65bd\u6b65\u9aa4<\/h3>\n<pre><code class=\"lang-bash language-bash bash\"># 1. \u5907\u4efd\u539f\u914d\u7f6e\ncp \/etc\/sysctl.conf \/etc\/sysctl.conf.bak\n\n# 2. \u5e94\u7528\u65b0\u914d\u7f6e\nsysctl -p\n\n# 3. \u9a8c\u8bc1\u751f\u6548\nsysctl net.ipv4.ip_local_port_range\n# \u671f\u671b\u8f93\u51fa\uff1anet.ipv4.ip_local_port_range = 1024 65535\n\n# 4. \u4fee\u6539limits.conf\ncat &gt;&gt; \/etc\/security\/limits.conf &lt;&lt; &#039;EOF&#039;\n*    soft    nofile    1000000\n*    hard    nofile    1000000\nnginx soft    nofile    1000000\nnginx hard    nofile    1000000\nEOF\n\n# 5. \u91cd\u542f\u670d\u52a1\u4f7fulimit\u751f\u6548\nsystemctl restart nginx\n\n# 6. \u9a8c\u8bc1ulimit\uff08\u9700\u8981\u91cd\u65b0\u767b\u5f55\u6216\u91cd\u542f\u8fdb\u7a0b\uff09\nsudo -u nginx bash -c &#039;ulimit -n&#039;<\/code><\/pre>\n<h3>\u9a8c\u8bc1\u7ed3\u8bba<\/h3>\n<h4>\u65b9\u6cd5\u4e00\uff1a\u9010\u6b65\u52a0\u538b\u6d4b\u8bd5<\/h4>\n<pre><code class=\"lang-bash language-bash bash\"># \u9010\u6b65\u589e\u52a0\u5e76\u53d1\uff0c\u89c2\u5bdf\u9519\u8bef\u7387\nfor c in 10000 30000 50000; do\n    echo &quot;=== Testing with $c connections ===&quot;\n    wrk -t8 -c$c -d10s --latency http:\/\/backend-cluster:8080\/api 2&gt;&amp;1 | \\\n        grep -E &#039;Latency|Requests|Socket errors|non-2xx&#039;\ndone<\/code><\/pre>\n<p><strong>\u4fee\u590d\u524d<\/strong>\uff1a\u8fde\u63a5\u6570\u523028000\u5de6\u53f3\u5f00\u59cb\u51fa\u73b0\u5927\u91cf <code>EADDRNOTAVAIL<\/code><\/p>\n<p><strong>\u4fee\u590d\u540e<\/strong>\uff1a\u8fde\u63a5\u6570\u7a33\u5b9a\u572860000+ \u65e0\u62a5\u9519<\/p>\n<h4>\u65b9\u6cd5\u4e8c\uff1a\u76d1\u63a7\u6307\u6807\u5bf9\u6bd4<\/h4>\n<pre><code class=\"lang-bash language-bash bash\"># \u4fee\u590d\u524d\n$ ss -s\nTotal: 28350 (kernel 1234)\nTCP:   28342 (estab 120, closed 28215, orphaned 0, synrecv 0, timewait 28100)\n\n# \u4fee\u590d\u540e\n$ ss -s\nTotal: 150 (kernel 1234)\nTCP:   142 (estab 50, closed 87, orphaned 0, synrecv 0, timewait 87)\n# TIME_WAIT\u4ece28100\u964d\u523087\uff0c\u7aef\u53e3\u590d\u7528\u751f\u6548<\/code><\/pre>\n<h4>\u65b9\u6cd5\u4e09\uff1a\u786e\u8ba4\u74f6\u9888\u8f6c\u79fb<\/h4>\n<pre><code class=\"lang-bash language-bash bash\"># \u786e\u8ba4\u4e0d\u518d\u662f\u7aef\u53e3\u95ee\u9898\n$ sysctl net.ipv4.ip_local_port_range\nnet.ipv4.ip_local_port_range = 1024 65535\n# \u53ef\u7528\u7aef\u53e3\u6570\uff1a65535 - 1024 + 1 = 64512\n\n# \u786e\u8ba4ulimit\u5df2\u751f\u6548\n$ sudo -u nginx bash -c &#039;ulimit -n&#039;\n1000000<\/code><\/pre>\n<h2>\u8fb9\u754c\u6761\u4ef6<\/h2>\n<h3>\u4ec0\u4e48\u65f6\u5019\u7aef\u53e3\u6570\u771f\u7684\u662f\u74f6\u9888<\/h3>\n<p>\u5f53\u4e14\u4ec5\u5f53\u4ee5\u4e0b\u6761\u4ef6<strong>\u540c\u65f6<\/strong>\u6ee1\u8db3\u65f6\uff1a<\/p>\n<ol>\n<li><strong>\u4f60\u662f\u5ba2\u6237\u7aef\u89d2\u8272<\/strong>\u2014\u2014\u53d1\u8d77\u8fde\u63a5\u7684\u4e00\u65b9<\/li>\n<li><strong>\u6240\u6709\u8fde\u63a5\u6307\u5411\u540c\u4e00\u4e2a\u76ee\u6807 IP:Port<\/strong><\/li>\n<li><strong>\u77ed\u8fde\u63a5\u4e14TIME_WAIT\u5806\u79ef<\/strong><\/li>\n<li><strong><code>ip_local_port_range<\/code> \u6ca1\u6709\u6269\u5c55<\/strong><\/li>\n<\/ol>\n<h3>\u4ec0\u4e48\u65f6\u5019ulimit\u624d\u662f\u74f6\u9888<\/h3>\n<p>\u6bcf\u4e2aTCP\u8fde\u63a5\u9700\u8981\u5360\u7528\u4e00\u4e2a\u6587\u4ef6\u63cf\u8ff0\u7b26\u3002\u9ed8\u8ba4\u76841024\u5bf9\u4e8e\u751f\u4ea7\u670d\u52a1\u8fdc\u8fdc\u4e0d\u591f\u3002<\/p>\n<h3>\u5bb9\u5668\u73af\u5883\u989d\u5916\u7ea6\u675f<\/h3>\n<p>\u5728Docker\u73af\u5883\u4e2d\uff0c\u6587\u4ef6\u63cf\u8ff0\u7b26\u9650\u5236\u53ef\u80fd\u53d7\u591a\u4e2a\u5c42\u9762\u9650\u5236\uff1a<\/p>\n<pre><code class=\"lang-bash language-bash bash\"># \u68c0\u67e5\u5bb9\u5668\u5185\u9650\u5236\ndocker exec \n&lt;container_id&gt; cat \/proc\/sys\/fs\/file-nr\n\n# \u68c0\u67e5\u5bbf\u4e3b\u673a\u9650\u5236\ncat \/proc\/sys\/fs\/file-max\n\n# \u68c0\u67e5Docker daemon\u914d\u7f6e\ncat \/etc\/docker\/daemon.json\n{\n  &quot;default-ulimits&quot;: {\n    &quot;nofile&quot;: {\n      &quot;Name&quot;: &quot;nofile&quot;,\n      &quot;Hard&quot;: 8400000,\n      &quot;Soft&quot;: 8400000\n    }\n  }\n}<\/code><\/pre>\n<p><strong>\u5173\u952e\u5224\u65ad<\/strong>\uff1a\u5982\u679c\u5bb9\u5668\u5185 <code>ulimit -n<\/code> \u662f1024\uff0c\u4f46\u5bbf\u4e3b\u673a <code>fs.file-max<\/code> \u662f8388608\uff0c\u90a3\u74f6\u9888\u5728\u5bb9\u5668\u7684ulimit\u9650\u5236\uff0c\u9700\u8981\u7528 <code>--ulimit nofile=1000000:1000000<\/code> \u542f\u52a8\u53c2\u6570\u8986\u76d6\u3002<\/p>\n<h3>\u5185\u5b58\u7ea6\u675f<\/h3>\n<p>\u6bcf\u4e2aTCP\u8fde\u63a5\u5927\u7ea6\u5360\u75283KB-10KB\u5185\u5b58\uff08\u53d6\u51b3\u4e8e\u534f\u8bae\u6808buffer\u5927\u5c0f\uff09\u3002100\u4e07\u8fde\u63a5\u610f\u5473\u7740\u81f3\u5c11\u9700\u89813GB-10GB\u5185\u5b58\u4e13\u95e8\u7528\u4e8e\u8fde\u63a5\u7ef4\u62a4\u3002<\/p>\n<pre><code class=\"lang-bash language-bash bash\"># \u4f30\u7b97\u5355\u4e2a\u8fde\u63a5\u5185\u5b58\u5360\u7528\n$ cat \/proc\/sys\/net\/ipv4\/tcp_rmem\n4096    16384   4194304\n# \u6700\u5c0f\/\u9ed8\u8ba4\/\u6700\u5927 receive buffer\n\n$ cat \/proc\/sys\/net\/ipv4\/tcp_wmem\n4096    16384   4194304\n# \u6700\u5c0f\/\u9ed8\u8ba4\/\u6700\u5927 send buffer\n\n# 10000\u8fde\u63a5 &times; 32KB(buffer) &asymp; 320MB<\/code><\/pre>\n<h3>\u957f\u8fde\u63a5 vs \u77ed\u8fde\u63a5\u573a\u666f\u5bf9\u6bd4<\/h3>\n<table>\n<thead>\n<tr>\n<th>\u573a\u666f<\/th>\n<th>\u4e3b\u8981\u74f6\u9888<\/th>\n<th>\u4f18\u5316\u65b9\u5411<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>HTTP\u77ed\u8fde\u63a5<\/td>\n<td>\u4e34\u65f6\u7aef\u53e3\u3001TIME_WAIT<\/td>\n<td>\u8fde\u63a5\u590d\u7528\u3001\u7aef\u53e3\u6269\u5c55\u3001tw_reuse<\/td>\n<\/tr>\n<tr>\n<td>WebSocket\u957f\u8fde\u63a5<\/td>\n<td>\u6587\u4ef6\u63cf\u8ff0\u7b26\u3001\u5185\u5b58<\/td>\n<td>ulimit\u8c03\u9ad8\u3001\u5185\u5b58\u89c4\u5212<\/td>\n<\/tr>\n<tr>\n<td>gRPC\u957f\u8fde\u63a5<\/td>\n<td>\u6587\u4ef6\u63cf\u8ff0\u7b26\u3001\u5185\u5b58<\/td>\n<td>\u540c\u4e0a<\/td>\n<\/tr>\n<tr>\n<td>\u6570\u636e\u5e93\u8fde\u63a5\u6c60<\/td>\n<td>\u6587\u4ef6\u63cf\u8ff0\u7b26\u3001\u8fde\u63a5\u6c60\u4e0a\u9650<\/td>\n<td>\u8c03\u6574\u670d\u52a1\u8fde\u63a5\u6570\u9650\u5236<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>\u603b\u7ed3<\/h2>\n<table>\n<thead>\n<tr>\n<th>\u74f6\u9888\u7c7b\u578b<\/th>\n<th>\u5178\u578b\u75c7\u72b6<\/th>\n<th>\u68c0\u67e5\u547d\u4ee4<\/th>\n<th>\u89e3\u51b3\u65b9\u6848<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>ulimit\u8fc7\u5c0f<\/td>\n<td><code>too many open files<\/code><\/td>\n<td><code>ulimit -n<\/code><\/td>\n<td>\u8c03\u6574 <code>\/etc\/security\/limits.conf<\/code><\/td>\n<\/tr>\n<tr>\n<td>\u7aef\u53e3\u8017\u5c3d<\/td>\n<td><code>cannot assign requested address<\/code><\/td>\n<td><code>ss -s<\/code> \u770bTIME_WAIT<\/td>\n<td>\u6269\u5c55 <code>ip_local_port_range<\/code> + <code>tcp_tw_reuse<\/code><\/td>\n<\/tr>\n<tr>\n<td>\u5185\u6838fd\u4e0a\u9650<\/td>\n<td>ulimit\u65e0\u6cd5\u8d85\u8fc7\u67d0\u4e2a\u503c<\/td>\n<td><code>cat \/proc\/sys\/fs\/nr_open<\/code><\/td>\n<td><code>sysctl -w fs.nr_open=xxx<\/code><\/td>\n<\/tr>\n<tr>\n<td>\u5185\u5b58\u4e0d\u8db3<\/td>\n<td>OOM killed<\/td>\n<td><code>free -h<\/code><\/td>\n<td>\u589e\u52a0\u5185\u5b58\u6216\u51cf\u5c11\u8fde\u63a5\u6570<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u56de\u5230\u6700\u521d\u7684\u95ee\u9898\uff1a<strong>Linux\u6700\u5927TCP\u8fde\u63a5\u6570\u662f\u591a\u5c11\uff1f<\/strong><\/p>\n<p><strong>\u7b54\u6848\u662f\uff1a\u53d6\u51b3\u4e8e\u4f60\u9047\u5230\u7684\u5177\u4f53\u74f6\u9888\u662f\u4ec0\u4e48\u3002<\/strong><\/p>\n<p>\u5bf9\u4e8e\u670d\u52a1\u7aef\uff0c\u74f6\u9888\u901a\u5e38\u662f\u6587\u4ef6\u63cf\u8ff0\u7b26\uff1b\u5bf9\u4e8e\u5ba2\u6237\u7aef\uff0c\u74f6\u9888\u901a\u5e38\u662f\u4e34\u65f6\u7aef\u53e3\u3002\u4e0d\u8981\u752865535\u6765\u56de\u7b54\u8fd9\u4e2a\u95ee\u9898\uff0c\u4e5f\u4e0d\u8981\u752865535\u6765\u6307\u5bfc\u7cfb\u7edf\u8c03\u4f18\u3002\u5148\u5b9a\u4f4d\u74f6\u9888\uff0c\u518d\u9488\u5bf9\u6027\u4f18\u5316\u3002<\/p>\n<p><strong>\u6211\u4e0d\u63a8\u8350\u7684\u505a\u6cd5<\/strong>\uff1a\u4e0a\u6765\u5c31\u6539 <code>ip_local_port_range<\/code>\uff0c\u5374\u4e0d\u68c0\u67e5ulimit\u548c\u5185\u6838\u53c2\u6570\u3002TCP\u8fde\u63a5\u6570\u95ee\u9898\u4ece\u6765\u4e0d\u662f\u5355\u4e00\u56e0\u7d20\u5bfc\u81f4\u7684\u3002<\/p>","protected":false},"excerpt":{"rendered":"<p>\u5927\u591a\u6570\u5de5\u7a0b\u5e08\u77e5\u9053\u7aef\u53e3\u53f7\u662f16\u4f4d\uff0c\u6240\u4ee5\u8ba4\u4e3a\u6700\u591a65535\u4e2a\u8fde\u63a5\u3002\u4f46\u5b9e\u9645\u5b9a\u4f4d\u74f6\u9888\u5728\u6587\u4ef6\u63cf\u8ff0\u7b26\u3001\u7cfb\u7edf\u53c2\u6570\u3001\u5185\u5b58\u3001\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u7b49\u591a\u4e2a\u5c42\u9762\u3002\u672c\u6587\u901a\u8fc7\u5b9e\u9645\u547d\u4ee4\u8f93\u51fa\u548c\u53c2\u6570\u5bf9\u6bd4\uff0c\u5c55\u793a\u5b8c\u6574\u7684\u6392\u67e5\u8def\u5f84\u3002<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,468,175],"tags":[16,434,865,435,436],"class_list":["post-860","post","type-post","status-publish","format-standard","hentry","category-linux","category-468","category-175","tag-linux","tag-tcp","tag-865","tag-435","tag-436"],"views":23,"_links":{"self":[{"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=\/wp\/v2\/posts\/860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=860"}],"version-history":[{"count":1,"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=\/wp\/v2\/posts\/860\/revisions"}],"predecessor-version":[{"id":869,"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=\/wp\/v2\/posts\/860\/revisions\/869"}],"wp:attachment":[{"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}