# Outage caused by adjusting net.ipv4.tcp_tw_recycle

• Background

• Cause

RFC 1323 contains the following passage:

An additional mechanism could be added to the TCP, a per-host cache of the last timestamp received from any connection. This value could then be used in the PAWS mechanism to reject old duplicate segments from earlier incarnations of the connection, if the timestamp clock can be guaranteed to have ticked at least once since the old connection was open. This would require that the TIME-WAIT delay plus the RTT together must be at least one tick of the sender’s timestamp clock. Such an extension is not part of the proposal of this RFC.

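Whether Linux enables this behaviour depends on tcp_timestamps and tcp_tw_recycle. Because tcp_timestamps is enabled by default, turning on tcp_tw_recycle effectively activates it. Problems can then appear when the clients or the servers sit behind NAT; the following uses client-side NAT as the example: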
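The per-host timestamp check described above, as a simplified Python model added here (not code from the original page or from the Linux kernel). The class and function names, the two thresholds and the sample SYNs are assumptions constructed for the illustration; it shows SYNs from one of two clients sharing a NAT address being dropped.

```python
# Simplified model of a per-host timestamp cache (constructed example).
PAWS_MSL = 60     # seconds a cached timestamp stays relevant (model assumption)
PAWS_WINDOW = 1   # tolerated backwards step in timestamp ticks (model assumption)


def s32(x):
    """Interpret a 32-bit difference as signed so timestamp wrap-around works."""
    x &= 0xFFFFFFFF
    return x - (1 << 32) if x & 0x80000000 else x


class PerHostCache:
    """Server-side cache keyed by source IP only, as in the RFC passage."""

    def __init__(self, recycle=True, timestamps=True):
        self.active = recycle and timestamps  # both settings must be on
        self.last = {}                        # src_ip -> (tsval, time_seen)

    def on_syn(self, src_ip, tsval, now):
        """Return True if the SYN is accepted, False if it is silently dropped."""
        if self.active and src_ip in self.last:
            cached_ts, seen = self.last[src_ip]
            if now - seen < PAWS_MSL and s32(cached_ts - tsval) > PAWS_WINDOW:
                return False  # treated as an old duplicate from this "host"
        if self.active:
            # Simplification: remember the timestamp as soon as the SYN is accepted.
            self.last[src_ip] = (tsval, now)
        return True


def replay(cache, syns):
    """Feed (src_ip, tsval, now) tuples to the cache and collect the verdicts."""
    return [cache.on_syn(ip, ts, now) for ip, ts, now in syns]


# Constructed input: two clients behind one NAT address. Client A has a long
# uptime (large timestamp); client B booted recently (small timestamp).
NAT_IP = "203.0.113.10"
SYNS = [
    (NAT_IP, 5_000_000, 0),   # A
    (NAT_IP, 120_000, 1),     # B: far behind A's timestamp
    (NAT_IP, 5_002_000, 2),   # A again
    (NAT_IP, 122_000, 3),     # B again
    (NAT_IP, 190_000, 70),    # B after the cached entry has aged out
]

if __name__ == "__main__":
    for syn, ok in zip(SYNS, replay(PerHostCache(), SYNS)):
        print(syn, "accepted" if ok else "dropped")
```

From the server's side the two clients look like one host whose timestamp clock jumps backwards, so client B only gets through once the cached entry is older than the model's 60-second window.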

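• Solution

The fix is to change these two parameters to:

• Problem encountered

After the change, requests worked again. On a Docker host, however, you will find that containers can no longer reach the network!

Changing net.ipv4.tcp_tw_recycle affects NAT-related behaviour, so containers that reach the network through NAT are affected.

• Solution

To resolve this, first stop the main docker process, then change the parameters, then start it again.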
