in recent months, the number of connections from half an hour to one hour per day has been particularly high, resulting in CPU100%. This happens every few weeks in the middle of
.
has become the norm in recent days. Cpu is basically between 60% and 90%, and this will last for more than half a day or more in a day.
most of these IP are ip of Ali Cloud cdn. Can there be dozens of ip? The number of connections to a single IP is not high, only between 3 and 20.
the server configuration is not high. The maximum number of ESTABLISHEDs can reach more than 4000.
after modification and optimization using the online method (below), the number of connections has been reduced to 200,300, but the opening speed card of the website is still very obvious. Only when the number of ESTABLISHED is less than 100 will it run smoothly.
vim /etc/sysctl.conf
-sharp:
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
-sharp /sbin/sysctl -p
Natura system, no tomcat.
run the DZ program, when the ESTABLISHED is high, the online number of the website will also be high, 1200-2500, but the visitor uv statistics in Baidu statistics are normal. It doesn"t seem to be a real user?
is this the IP of cdn origin-pull in my case? Or was it attacked by CC?
in what direction should I investigate and solve ... Ask for advice.