This topic describes the causes of and solution to the following issue: A large number of "TCP: time wait bucket table overflow" error messages appear in the /var/log/messages file of a Linux Elastic Compute Service (ECS) instance.
Problem description
A large number of "TCP: time wait bucket table overflow" error messages appear in the /var/log/messages file of a Linux ECS instance.
Cause
A large number of TCP connections enter the TIME-WAIT state on the ECS instance, which exceeds the upper limit defined by the net.ipv4.tcp_max_tw_buckets (or tcp_max_tw_buckets) kernel parameter.
tcp_max_tw_buckets: specifies the maximum number of TCP sockets that can be in the TIME_WAIT state at the same time. If the maximum number is exceeded, the system immediately destroys the excess TIME_WAIT sockets and generates the "TCP: time wait bucket table overflow" error message.
net.ipv4.tcp_max_tw_buckets: has the same function as the tcp_max_tw_buckets parameter and is used to defend against simple DDoS attacks. Do not decrease the value of this parameter unless your business requires a smaller value. If you require a value greater than the default value based on your network conditions, increase the value of the net.ipv4.tcp_max_tw_buckets parameter or the memory size.
Solution
To resolve the preceding issue, increase the value of the net.ipv4.tcp_max_tw_buckets parameter.
Connect to the Linux ECS instance.
For more information, see Connection method overview.
Change the value of the net.ipv4.tcp_max_tw_buckets parameter.
Run the following command to open the sysctl.conf file:
vim /etc/sysctl.conf
Press the I key to enter Insert mode.
Increase the value of the net.ipv4.tcp_max_tw_buckets parameter based on your business requirements. In this example, change the value of the net.ipv4.tcp_max_tw_buckets parameter to 20000.
net.ipv4.tcp_max_tw_buckets = 20000
Press the Esc key, enter :wq, and then press the Enter key to save and exit the file.
Run the following command to allow the change to take effect:
sysctl -p
Run the following command to query connection statistics:
netstat -an | grep 80 | awk '{print $6}' | sort | uniq -c | sort -rn
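To check how close an instance is to the limit before and after the change, the following added example (not part of the original page) compares the TIME_WAIT count in /proc/net/sockstat with the configured limit and counts the overflow messages in the log. The function names, the 80% warning threshold, and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.

# tw_count FILE: TIME_WAIT socket count ("tw") from a /proc/net/sockstat-format file.
tw_count() {
    awk '$1 == "TCP:" { for (i = 2; i < NF; i += 2)
            if ($i == "tw") { print $(i + 1); exit } }' "$1"
}

# overflow_events FILE: number of overflow messages in a syslog-format file.
overflow_events() {
    grep -c 'TCP: time wait bucket table overflow' "$1" || true
}

# tw_report SOCKSTAT LIMIT_FILE LOG [WARN_PCT]: print a one-line summary.
# WARN_PCT (default 80) is an assumed alert threshold, not a kernel setting.
tw_report() {
    count=$(tw_count "$1")
    limit=$(cat "$2")
    events=$(overflow_events "$3")
    if [ -z "$count" ] || [ -z "$limit" ] || [ "$limit" -le 0 ]; then
        echo "UNKNOWN could not read TIME_WAIT count or limit"
        return 1
    fi
    pct=$((count * 100 / limit))
    status=OK
    if [ "$pct" -ge "${4:-80}" ]; then status=WARN; fi
    echo "$status tw=$count limit=$limit used=${pct}% overflow_msgs=$events"
}

# Constructed sample data (not captured from a real instance).
demo=$(mktemp -d)
printf 'sockets: used 310\nTCP: inuse 41 orphan 2 tw 4870 alloc 60 mem 9\n' > "$demo/sockstat"
echo 5000 > "$demo/limit"                                   # constructed starting limit
printf '%s\n' \
    'Jan  1 00:00:01 host kernel: TCP: time wait bucket table overflow' \
    'Jan  1 00:00:02 host kernel: TCP: time wait bucket table overflow' > "$demo/messages"

tw_report "$demo/sockstat" "$demo/limit" "$demo/messages"
echo 20000 > "$demo/limit"                                  # value used in this topic
tw_report "$demo/sockstat" "$demo/limit" "$demo/messages"
rm -rf "$demo"

# On a live instance:
# tw_report /proc/net/sockstat /proc/sys/net/ipv4/tcp_max_tw_buckets /var/log/messages
```

The overflow count covers the whole log file, so messages logged before the limit was raised are still included after the change.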