
Alibaba Cloud Linux: Change the TCP TIME-WAIT timeout period

Last Updated: Oct 25, 2023

In Linux kernels, TCP/IP connections remain in the TIME-WAIT state for 60 seconds. The length of this period cannot be changed. However, in specific scenarios such as heavy TCP loads, you can shorten this period to improve network performance. Alibaba Cloud Linux 2 starting with the 4.19.43-13.al7 kernel version and Alibaba Cloud Linux 3 support a kernel interface that is used to modify the TCP TIME-WAIT timeout period. This topic describes how to use the kernel interface.

Background information

The TIME-WAIT state is a mechanism in TCP/IP stacks that keeps sockets open after an application shuts down the sockets. By default, this state lasts for 60 seconds to ensure complete data transmission between the server and the client. If a large number of connections are in the TIME-WAIT state, network performance may be compromised. Alibaba Cloud Linux provides an interface that is used to modify the TCP TIME-WAIT timeout period to improve network performance in specific scenarios, such as high-concurrency scenarios. The value range of this interface is 1 to 600 seconds. The default value of the TIME-WAIT timeout period is 60 seconds.

Usage notes

A timeout period of less than 60 seconds may violate the TCP/IP quiet time restriction and cause old data to be accepted as new, or duplicated new data to be rejected as old. We recommend that you adjust the TIME-WAIT timeout period based on the advice of Alibaba Cloud technicians. For more information about the TCP/IP quiet time, visit IETF RFC 793.

Configuration methods

You can use one of the following methods to change the TIME-WAIT timeout period. In both methods, the [$TIME_VALUE] parameter specifies the new timeout period.

  • Run the sysctl command to change the TIME-WAIT timeout period:

    sysctl -w "net.ipv4.tcp_tw_timeout=[$TIME_VALUE]"
  • Run the following echo command to change the TIME-WAIT timeout period in the /proc/sys/net/ipv4/tcp_tw_timeout interface:

    echo [$TIME_VALUE] > /proc/sys/net/ipv4/tcp_tw_timeout

You can run the netstat -ant | grep TIME_WAIT | wc -l command to check whether a large number of short-lived connections exist on the server.

For example, in scenarios where a large number of short-lived connections exist, such as when NGINX is configured with a layer-7 proxy, we recommend that you change the TIME-WAIT timeout period to 5 seconds. Run one of the following commands to modify the timeout period:

Warning

Modification to the [$TIME_VALUE] parameter may cause business interruptions or unavailability. We recommend that you modify the [$TIME_VALUE] parameter during off-peak hours.

  • sysctl -w "net.ipv4.tcp_tw_timeout=5"
  • echo 5 > /proc/sys/net/ipv4/tcp_tw_timeout
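
A guarded way to apply the change described above, shown as an added example that is not part of the Alibaba Cloud documentation: it rejects values outside the documented 1 to 600 second range, refuses to write when the interface is missing (kernels without this interface), and prints the previous value for rollback. The function names, the TW_PATH override and the sample netstat output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: guarded change of the TIME-WAIT timeout (not Alibaba Cloud's own tooling).
TW_PATH=${TW_PATH:-/proc/sys/net/ipv4/tcp_tw_timeout}   # interface named on the page

# Constructed sample of `netstat -ant` output (not captured from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address   State
tcp   0  0  0.0.0.0:80        0.0.0.0:*           LISTEN
tcp   0  0  192.0.2.10:80     198.51.100.7:51234  TIME_WAIT
tcp   0  0  192.0.2.10:80     198.51.100.7:51240  TIME_WAIT
tcp   0  0  192.0.2.10:80     198.51.100.8:40022  ESTABLISHED
tcp   0  0  192.0.2.10:80     198.51.100.9:33110  TIME_WAIT'

# Return 0 only for a whole number of seconds inside the documented 1-600 range.
valid_tw_timeout() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;      # empty, negative, fractional or non-numeric
    esac
    [ "${#1}" -le 3 ] || return 1     # reject over-long digit strings before comparing
    [ "$1" -ge 1 ] && [ "$1" -le 600 ]
}

# Count sockets whose State column is exactly TIME_WAIT (netstat -ant output on stdin).
count_time_wait() {
    awk '$6 == "TIME_WAIT" { n++ } END { print n + 0 }'
}

# Validate, confirm the interface exists and is writable, then apply and report.
set_tw_timeout() {
    valid_tw_timeout "$1" || { echo "refusing '$1': must be 1-600 seconds" >&2; return 2; }
    [ -w "$TW_PATH" ] || { echo "$TW_PATH not writable: unsupported kernel or not root" >&2; return 3; }
    old=$(cat "$TW_PATH")
    echo "$1" > "$TW_PATH" || return 4
    echo "tcp_tw_timeout: $old -> $(cat "$TW_PATH") (roll back with: echo $old > $TW_PATH)"
}

# Demo on the constructed sample only; nothing is written to the kernel here.
# On a live host: netstat -ant | count_time_wait ; set_tw_timeout 5
echo "TIME_WAIT sockets in sample: $(printf '%s\n' "$SAMPLE_NETSTAT" | count_time_wait)"
```

Matching on the State column rather than grepping the whole line avoids counting unrelated lines that happen to contain the string TIME_WAIT.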