| | 1 | = 2011-04-13 = |
| | 2 | |
| | 3 | == Apache Performance Tuning == |
| | 4 | |
| | 5 | * 花了兩天時間,總算找出造成 trac 網站大量記憶體需求的特徵:刻意發起造成 CLOSE_WAIT 的攻擊行為。 |
| | 6 | {{{ |
| | 7 | PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND |
| | 8 | 15652 www-data 20 0 783m 763m 4624 R 97.0 75.4 17:31.07 apache2 |
| | 9 | 20059 www-data 20 0 52836 31m 4732 S 2.7 3.2 0:06.86 apache2 |
| | 10 | |
| | 11 | jazz@trac-pool:~$ sudo netstat -nap | grep 15652 |
| | 12 | tcp6 1 0 140.110.X.X:80 220.181.93.1:55903 CLOSE_WAIT 15652/apache2 |
| | 13 | }}} |
| | 14 | * 手動砍掉 15652 這個 process 之後,同樣這個 IP,後來又產生了一次 CLOSE_WAIT 現象,不禁懷疑這是一種網站攻擊方式。 |
| | 15 | {{{ |
| | 16 | PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND |
| | 17 | 23708 www-data 20 0 414m 396m 4544 R 99.7 39.2 2:44.46 apache2 |
| | 18 | 23025 www-data 20 0 74940 55m 4752 S 0.0 5.5 0:27.58 apache2 |
| | 19 | |
| | 20 | tcp6 0 0 140.110.X.X:80 220.181.93.1:64932 TIME_WAIT - |
| | 21 | tcp6 0 0 140.110.X.X:80 220.181.93.1:47074 TIME_WAIT - |
| | 22 | tcp6 0 0 140.110.X.X:80 220.181.93.1:50047 TIME_WAIT - |
| | 23 | tcp6 0 0 140.110.X.X:80 220.181.93.1:43913 TIME_WAIT - |
| | 24 | }}} |
| | 25 | * <解決方法> 降低 net.ipv4.tcp_keepalive_time 的數值,預設是 7200 秒(兩小時),真的太長了!! |
| | 26 | {{{ |
| | 27 | echo "decrease TCP socket TIME_WAIT time" |
| | 28 | sysctl -w net.ipv4.tcp_fin_timeout=10 |
| | 29 | sysctl -w net.ipv4.tcp_tw_reuse=1 |
| | 30 | sysctl -w net.ipv4.tcp_tw_recycle=1 |
| | 31 | echo "decrease TCP socket CLOSE_WAIT time" |
| | 32 | sysctl -w net.ipv4.tcp_keepalive_time=30 |
| | 33 | sysctl -w net.ipv4.tcp_keepalive_probes=2 |
| | 34 | sysctl -w net.ipv4.tcp_keepalive_intvl=2 |
| | 35 | }}} |
| | 36 | * <參考> [http://tw.myblog.yahoo.com/yaitoo-richzal/article?mid=212&sc=1 大量 CLOSE_WAIT 的影響] |
| | 37 | {{{ |
| | 38 | 大量的 CLOSE_WAIT 連接,直接佔滿 TCP 連線佇列, |
| | 39 | 導致 Apache 失去回應,且 CPU 使用量與記憶體使用量快速提高!! |
| | 40 | }}} |
| | 41 | * <參考> [http://haka.sharera.com/blog/BlogTopic/32309.htm CLOSE_WAIT 生成的原因] |
