How to reset TIME_WAIT connection on my linux server ?

If you working as a system admin, you might have faced issue of multiple TIME_WAIT connections on a server resulting in no/slow connections to the specific server(s).

To resolve such issues, we may need to restart server or a trick is to reset such connections on the server.

Today we will see this interesting tip how to reset TIME_WAIT connections on a Linux server.

1. Old Way to reset TIME_WAIT connections:

For home systems:

a. Restart networking service.
# /etc/init.d/networking restart

or, in case required.
b. Restart your system.
# init 6

 

2. Use cutter command
Suppose there are multiple time_wait connections for a particular IP.
In this case, we can try cutter command to cut all connections from a specific IP and hence releasing time_wait connected interface pool.
Lets have a look at the usage of this command.

# cutter 192.168.2.34
# cutter 192.168.2.34 192.168.2.35

Tip: Decreasing IPv4 tcp timeout so that time_wait connections can be released early by system.

[root@host-1-185 ~]# cat /proc/sys/net/ipv4/tcp_fin_timeout
60

[root@host-1-185 ~]# echo 10 > /proc/sys/net/ipv4/tcp_fin_timeout

[root@host-1-185 ~]# cat /proc/sys/net/ipv4/tcp_fin_timeout
10
Restart network service after above change.

3. For PROD servers, where we can’t stop/start system/service.
We have two options, one is to kill a particular TCP session, and other is to use some kernel parameters to clean all waiting/closed connections.

a. Kill particular TCP session.
Reference page: http://killcx.sourceforge.net/
Killcx tool is used to close TCP connection in Linux, whatever its state is half-open, waiting established, or closing state.

# killcx [dest_ip:dest_port] {interface}

Download Link: http://sourceforge.net/projects/killcx/files/

b. Using SO_REUSEADDR socket option of TCP.
We need to set SO_REUSEADDR via setsockopt which allows us to bind same local address even if the socket is in TIME_WAIT state.

Set the timeout to 1 second by doing this so that the connections in TIME_WAIT can be re-cycled.
echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle

However there are various possible reliability issues when setting this variable as it can close active waiting connections as well.

There is one more parameter, tcp_tw_reuse which controls whether TIME_WAIT sockets can be reused (presumably without any timeout).
The parameter can be set by echoing the value in /proc/sys/net/ipv4/tcp_tw_reuse.

Caution: Both tcp_tw_recycle and tcp_tw_reuse can cause problems with network connections. We should not enable either of them without understanding network topology.

Leave a Reply

avatar
  Subscribe  
Notify of