Debian 网络连接的回收与优化
一、快速回收网络资源
sudo ip link set **eth0** downsudo dhclient -r **eth0**sudo systemctl restart **nscd** 或 sudo systemctl restart **dnsmasq**sudo ip -s link flush dev **eth0**sudo ss -lntp | grep **:80** 后 sudo kill **PID**sudo systemctl restart **networking**sudo systemctl restart **NetworkManager**sudo **netplan apply**二、连接回收与内核参数优化
/etc/sysctl.conf 或 /etc/sysctl.d/99-network.conf,执行 sudo sysctl -p 生效)
net.ipv4.tcp_fin_timeout = **30**(缩短 FIN_WAIT_2 回收)net.ipv4.tcp_tw_reuse = **1**(允许将处于 TIME_WAIT 的套接字用于新的连接,客户端/负载均衡常用)net.ipv4.tcp_tw_recycle = **0**(在 NAT/负载均衡 环境下可能导致连接异常,建议关闭)net.ipv4.ip_local_port_range = **10000 65000**net.ipv4.tcp_max_syn_backlog = **8192**net.core.somaxconn = **32768**net.core.netdev_max_backlog = **32768**net.ipv4.tcp_keepalive_time = **1200**ss -tan | awk '{print $1}' | sort | uniq -css -s、netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'sudo tcpdump -i **eth0** -nn port **80**三、传输层与缓冲区优化
net.core.rmem_max = **16777216**net.core.wmem_max = **16777216**net.ipv4.tcp_rmem = **4096 87380 16777216**net.ipv4.tcp_wmem = **4096 65536 16777216**sudo ethtool **eth0**sudo ethtool -G **eth0** rx **4096** tx **4096**/etc/sysctl.conf 或 /etc/sysctl.d/*.conf 后 sudo sysctl -p;网卡参数即时生效四、配置管理与监控
/etc/network/interfaces
auto **eth0**iface **eth0** inet staticaddress **192.168.1.100**netmask **255.255.255.0**gateway **192.168.1.1**dns-nameservers **8.8.8.8 8.8.4.4**sudo systemctl enable --now **NetworkManager**/etc/netplan/*.yaml 后 sudo **netplan apply**sudo iftop -i **eth0**sudo nethogs **eth0**mtr **example.com**ping **example.com**、traceroute **example.com**sudo apt install **ufw** && sudo ufw enable,按需放行 SSH/HTTP/HTTPS五、注意事项
ss -s、错误率与延迟。tcp_tw_recycle;在 NAT/云环境 建议保持关闭。
