hadoop somaxconn 配置优化

最新推荐文章于 2023-04-11 09:58:34 发布
原创 最新推荐文章于 2023-04-11 09:58:34 发布 · 2.5k 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

在Hadoop集群中遇到可能的SYN洪水攻击,系统日志提示13562端口受到影响。为解决这个问题,建议增加net.core.somaxconn和net.ipv4.tcp_max_syn_backlog的值以提升处理能力。当前系统默认配置的net.core.somaxconn为128,这明显过小。可以通过调整这些参数来增强系统的抗攻击能力。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

2017-04-26 03:41:59,354 INFO org.apache.hadoop.hdfs.server.datanode.DataNode: Exception for BP-1687617170-10.8.211.11-1404135347814:blk_8843355098_1109841848870
java.net.SocketTimeoutException: 60000 millis timeout while waiting for channel to be ready for read. ch : java.nio.channels.SocketChannel[connected local=/10.8.147.58:50010 remote=/10.8.144
.40:52022]
        at org.apache.hadoop.net.SocketIOWithTimeout.doIO(SocketIOWithTimeout.java:164)
        at org.apache.hadoop.net.SocketInputStream.read(SocketInputStream.java:161)
        at org.apache.hadoop.net.SocketInputStream.read(SocketInputStream.java:131)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
        at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
        at java.io.DataInputStream.read(DataInputStream.java:149)
        at org.apache.hadoop.io.IOUtils.readFully(IOUtils.java:192)
        at org.apache.hadoop.hdfs.protocol.datatransfer.PacketReceiver.doReadFully(PacketReceiver.java:213)
        at org.apache.hadoop.hdfs.protocol.datatransfer.PacketReceiver.doRead(PacketReceiver.java:134)
        at org.apache.hadoop.hdfs.protocol.datatransfer.PacketReceiver.receiveNextPacket(PacketReceiver.java:109)
        at org.apache.hadoop.hdfs.server.datanode.BlockReceiver.receivePacket(BlockReceiver.java:446)
        at org.apache.hadoop.hdfs.server.datanode.BlockReceiver.receiveBlock(BlockReceiver.java:702)
        at org.apache.hadoop.hdfs.server.datanode.DataXceiver.writeBlock(DataXceiver.java:739)
        at org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.opWriteBlock(Receiver.java:124)
        at org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.processOp(Receiver.java:71)
        at org.apache.hadoop.hdfs.server.datanode.DataXceiver.run(DataXceiver.java:232)
        at java.lang.Thread.run(Thread.java:745)
2017-04-26 03:41:59,354 WARN org.apache.hadoop.hdfs.server.datanode.DataNode: IOExc
 
 
 
 
 
2017-04-26 03:41:09,552 WARN org.apache.hadoop.hdfs.server.datanode.DataNode: DatanodeRegistration(10.8.147.51, datanodeUuid=cd05df30-c9ce-4e3d-bbe3-f4ea6aecc1cc, infoPort=50075, ipcPort=50020, storageInfo=lv=-55;cid=CID-df8798d4-d28a-4aba-9446-8d17b04a16b7;nsid=423722359;c=1404135597320):Got exception while serving BP-1687617170-10.8.211.11-1404135347814:blk_8835640234_1109834110012 to /10.8.216.18:56644
java.net.SocketTimeoutException: 480000 millis timeout while waiting for channel to be ready for write. ch : java.nio.channels.SocketChannel[connected local=/10.8.147.51:50010 remote=/10.8.216.18:56644]
        at org.apache.hadoop.net.SocketIOWithTimeout.waitForIO(SocketIOWithTimeout.java:246)
        at org.apache.hadoop.net.SocketOutputStream.waitForWritable(SocketOutputStream.java:172)
        at org.apache.hadoop.net.SocketOutputStream.transferToFully(SocketOutputStream.java:220)
        at org.apache.hadoop.hdfs.server.datanode.BlockSender.sendPacket(BlockSender.java:547)
        at org.apache.hadoop.hdfs.server.datanode.BlockSender.sendBlock(BlockSender.java:716)
        at org.apache.hadoop.hdfs.server.datanode.DataXceiver.readBlock(DataXceiver.java:506)
        at org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.opReadBlock(Receiver.java:110)
        at org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.processOp(Receiver.java:68)
        at org.apache.hadoop.hdfs.server.datanode.DataXceiver.run(DataXceiver.java:232)
        at java.lang.Thread.run(Thread.java:745)
2017-04-26 03:41:09,552 ERROR org.apache.hadoop.hdfs.server.datanode.DataNode: dn0205:50010:DataXceiver error processing READ_BLOCK operation  src: /10.8.216.18:56644 dst: /10.8.147.51:50010
java.net.SocketTimeoutException: 480000 millis timeout while waiting for channel to be ready for write. ch : java.nio.channels.SocketChannel[connected local=/10.8.147.51:50010 remote=/10.8.216.18:56644]
        at org.apache.hadoop.net.SocketIOWithTimeout.waitForIO(SocketIOWithTimeout.java:246)
        at org.apache.hadoop.net.SocketOutputStream.waitForWritable(SocketOutputStream.java:172)
        at org.apache.hadoop.net.SocketOutputStream.transferToFully(SocketOutputStream.java:220)
        at org.apache.hadoop.hdfs.server.datanode.BlockSender.sendPacket(BlockSender.java:547)
        at org.apache.hadoop.hdfs.server.datanode.BlockSender.sendBlock(BlockSender.java:716)
        at org.apache.hadoop.hdfs.server.datanode.DataXceiver.readBlock(DataXceiver.java:506)
        at org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.opReadBlock(Receiver.java:110)
        at org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.processOp(Receiver.java:68)
        at org.apache.hadoop.hdfs.server.datanode.DataXceiver.run(DataXceiver.java:232)
        at java.lang.Thread.run(Thread.java:745)
 
 
Also we can see SYN flooding cause the java task enter hung status .
Apr 26 02:43:18 dn0205 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 03:53:06 dn0205 kernel: INFO: task java:11671 blocked for more than 120 seconds.
Apr 26 03:53:06 dn0205 kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Apr 26 03:53:06 dn0205 kernel: INFO: task java:11671 blocked for more than 120 seconds.
Apr 26 03:53:06 dn0205 kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Apr 26 03:53:06 dn0205 kernel: java          D 0000000000000013     0 11671  29690 0x00000080
Apr 26 03:53:06 dn0205 kernel: ffff88096dd9fe08 0000000000000082 0000000000000000 ffff88096dd9fde8
Apr 26 03:53:06 dn0205 kernel: 0000000000000000 00000000fffffffb ffff8803d83efb98 ffff88096dd9fde8
Apr 26 03:53:06 dn0205 kernel: ffff88098a8cf058 ffff88096dd9ffd8 000000000000fb88 ffff88098a8cf058
Apr 26 03:53:06 dn0205 kernel: Call Trace:
Apr 26 03:53:06 dn0205 kernel: [<ffffffff81090ece>] ? prepare_to_wait+0x4e/0x80
Apr 26 03:53:06 dn0205 kernel: [<ffffffffa01c9935>] log_wait_commit+0xc5/0x140 [jbd]
Apr 26 03:53:06 dn0205 kernel: [<ffffffff81090be0>] ? autoremove_wake_function+0x0/0x40
Apr 26 03:53:06 dn0205 kernel: [<ffffffffa01c9766>] ? __log_start_commit+0x36/0x40 [jbd]
Apr 26 03:53:06 dn0205 kernel: [<ffffffffa01da5e6>] ext3_sync_file+0x126/0x1a0 [ext3]
Apr 26 03:53:06 dn0205 kernel: [<ffffffff81110898>] ? filemap_write_and_wait_range+0x78/0x90
Apr 26 03:53:06 dn0205 kernel: [<ffffffff811a50e1>] vfs_fsync_range+0xa1/0xe0
Apr 26 03:53:06 dn0205 kernel: [<ffffffff811a518d>] vfs_fsync+0x1d/0x20
Apr 26 03:53:06 dn0205 kernel: [<ffffffff811a51ce>] do_fsync+0x3e/0x60
Apr 26 03:53:06 dn0205 kernel: [<ffffffff811a5220>] sys_fsync+0x10/0x20
Apr 26 03:53:06 dn0205 kernel: [<ffffffff8100b072>] system_call_fastpath+0x16/0x1b
Apr 26 03:53:06 dn0205 kernel: INFO: task java:14301 blocked for more than 120 seconds.
Apr 26 03:53:06 dn0205 kernel: java          D 0000000000000013     0 11671  29690 0x00000080
Apr 26 03:53:06 dn0205 kernel: ffff88096dd9fe08 0000000000000082 0000000000000000 ffff88096dd9fde8
Apr 26 03:53:06 dn0205 kernel: 0000000000000000 00000000fffffffb ffff8803d83efb98 ffff88096dd9fde8
Apr 26 03:53:06 dn0205 kernel: ffff88098a8cf058 ffff88096dd9ffd8 000000000000fb88 ffff88098a8cf058
Apr 26 03:53:06 dn0205 kernel: Call Trace:
Apr 26 03:53:06 dn0205 kernel: [<ffffffff81090ece>] ? prepare_to_wait+0x4e/0x80
Apr 26 03:53:06 dn0205 kernel: [<ffffffffa01c9935>] log_wait_commit+0xc5/0x140 [jbd]
Apr 26 03:53:06 dn0205 kernel: [<ffffffff81090be0>] ? autoremove_wake_function+0x0/0x40
Apr 26 03:53:06 dn0205 kernel: [<ffffffffa01c9766>] ? __log_start_commit+0x36/0
 
 
We can see sync flooding on other 2 nodes as well.
 
Apr 26 02:25:35 dn0324 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 02:25:35 dn0324 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 03:26:43 dn0324 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 03:26:43 dn0324 kernel: possible SYN flooding on port 13562. Sending cookies.
 
Apr 26 07:24:03 dn0229 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 07:24:03 dn0229 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 07:25:52 dn0229 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 07:25:52 dn0229 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 07:29:25 dn0229 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 07:29:25 dn0229 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 11:16:26 dn0229 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 11:16:26 dn0229 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 11:23:02 dn0229 auditd[23920]: Audit daemon rotating log files
Apr 26 11:23:02 dn0229 auditd[23920]: Audit daemon rotating log files
Apr 26 13:29:08 dn0229 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 13:29:08 dn0229 kernel: possible SYN flooding on port 13562. Sending cookies.
Apr 26 14:55:32 dn0229 kernel: possible SYN flooding on port 13562. Sending cookies.

Apr 26 14:55:32 dn0229 kernel: possible SYN flooding on port 13562. Sending cookies.




increase net.core.somaxconn and net.ipv4.tcp_max_syn_backlog to handle this 



我们的系统默认配置如下,明显太小了

[20:00]:[root@dn0324:~]# sysctl -a  | grep somaxconn
net.core.somaxconn = 128



http://www.sjsjw.com/kf_cloud/article/315_32763_12365.asp

【网络】Linux 内核优化实战 - net.core.somaxconn
cuiwin的专栏
06-26 1181
net.core.somaxconn 是 Linux 内核的关键网络参数,用于控制系统中每个 socket 监听队列的最大长度。当客户端发起 TCP 连接时,服务器会将尚未被应用程序 accept () 处理的连接放入监听队列中,而 somaxconn 则限制了这个队列的最大容量。
How to solve java.net.SocketTimeoutException:60000millis problem in HDFS
月满西楼的专栏
11-17 2760
Many HDFS users encounter the following error when DFSClient ready file from a certain Data Node.         "java.net.SocketTimeoutException: 60000millis timeout while waiting for channel to be ready
linux net.core.somaxconn,Nginx 性能优化之net.core.somaxconn
weixin_42500818的博客
05-25 1189
web应用中listen函数的backlog默认会给我们内核参数的net.core.somaxconn限制到128,而nginx定义的NGX_LISTEN_BACKLOG默认为511,所以有必要调整这个值。如:net.core.netdev_max_backlog = 262144我们线上服务器net.core.somaxconn都是默认的128,这个参数会影响到所有AF_INET类型socket...
Hadoop配置 - net.core.somaxconn
Mrknowledge
04-28 3960
net.core.somaxconn的作用 net.core.somaxconn是Linux中的一个kernel参数,表示socket监听(listen)的backlog上限。什么是backlog呢?backlog就是socket的监听队列,当一个请求(request)尚未被处理或建立时,他会进入backlog。而socket server可以一次性处理backlog中的所有请求,处理后的请求不
linux中内核参数somaxconn
newbei5862的博客
08-09 399
在Linux中,/proc/sys/net/core/somaxconn这个参数,linux中内核的一个不错的参数somaxconn。 对于一个TCP连接,Server与Client需要通过三次握手来建立网络连接.当三次握手成功后, 我们可以看到端口的状态由LISTEN转变为ESTABLISHED,接着这条链路上就可以开始传送数据了. 每一个处于监听(Listen)状态的端口,都有自己的监听队列.监听队列的长度,与如下两方面有关: - somaxconn参数. - 使用该端口的程序中listen(
linux中tcp连接内核参数调优somaxconn
pingyan158的专栏
05-14 1211
永久生效: vim /etc/sysctl.conf net.core.somaxconn=32768 sysctl -p 立即生效: sysctl -w net.core.somaxconn=32768 sysctl -a显示所有内核参数 看其解析:   对于一个TCP连接,Server与Client需要通过三次握手来建立网络连接.当三次握手成功后,   我们可以看到端口的状态由LISTEN转变为ESTABLISHED,接着这条链路上就可以开始传送数据了.   每一个处于监听(Listen)状态的端口,都
hadoop集群系统优化
u014516601的博客
08-05 1035
1. Ulimit 配置 操作系统默认只能打开 1024 个文件,打开的文件超过这个数发现程序会有“too many open files”的 错误,1024 对于大数据系统来说显然是不够的,如果不设置,基本上整个大数据系统是“不可用的”,根 本不能用于生产环境。 配置方法如下: echo "* soft nofile 128000" &gt;&gt; /etc/security/limit...
Hadoop分布式系统优化实践:性能与运维指南
"Hadoop性能调优与运维涵盖了硬件选择、操作系统与JVM调优、Hadoop参数优化Hive性能优化以及Hadoop运维等方面。在Hadoop系统中,硬件选择至关重要,主节点需要具备高可靠性,从节点则需考虑多路多核CPU、大内存,...
Hadoop调优实践:MapReduce与Hive优化及Linux配置
文档涵盖了硬件配置、Linux系统参数调整和Namenode的JVM参数优化等方面,旨在提高Hadoop集群的性能和稳定性。" 在MapReduce和Hive调优方面,硬件配置是关键因素之一。对于存储角色,如DataNode,CPU和内存的需求...
说说Hadoop 性能优化
最新发布
08-06
- 最佳实践包括配置优化、参数调整、硬件选择等。 关键点从引用: 1. **配置原则**:master/slave架构,master需要更好的配置,避免单点故障(引用[^2])。 2. **操作系统参数调优**:引用[^2]提到。 3. **HDFS优化...
hadoop性能调优
lgstudyvc的专栏
07-04 563
一、 Hadoop概述 随着企业要处理的数据量越来越大,MapReduce思想越来越受到重视。Hadoop是MapReduce的一个开源实现,由于其良好的扩展性和容错性,已得到越来越广泛的应用。 Hadoop实现了一个分布式文件系统(Hadoop Distributed File System),简HDFS。HDFS有高容错性的特点,并且设计用来部署在低廉的(low-cost)硬件上;而且它提供...
java.net.SocketTimeoutException: 60000 millis timeout while waiting for channel to be ready for read
热门推荐
weibin_6388的专栏
04-25 1万+
环境:- Spark 2.11-2.0.2- Hadoop 2.6.5使用Spark连接HDFS,在高并发的时候,偶尔会遇到以下异常:[plain] view plain copy2017-01-26 10:30:29,079 ERROR org.apache.hadoop.hdfs.server.datanode.DataNode: xxx:50010:DataXceiver error pro...
java hadoop 超时_Hadoop 文件上传超时原因分析
weixin_30769833的博客
03-04 723
hadoop上传数据问题2011-06-14 22:07当一个HDFS系统同时处理许多个并行的put操作,往HDFS上传数据时,有时候会出现dfsclient 端发生socket 链接超时的报错,有的时候甚至会由于这种原因导致最终的put操作失败,造成数据上传不完整。log类似如下:All datanodes *** are bad. Aborting...类似这样的错误,常常会在并行的put操...
java hadoop 超时_hadoop map端的超时参数
weixin_34512840的博客
02-27 582
Report progressIf your task reports no progress for 10 minutes (see themapred.task.timeoutproperty) then it will be killed by Hadoop. Most tasks don’t encounter this situation since they report prog...
Server端处理时间很长,Client发生SocketTimeoutException
bupt041137的专栏
11-22 1441
Client端只有一个put请求,往server端写数据,server端处理时间过长,导致client端SocketTimeoutException   0.94版本   Client端发生异常SocketTimeoutException:   12/11/20 19:03:18 WARN client.HConnectionManager$HConnectionImplementat...
java.net.SocketTimeoutException: timeout
wq123123423432的博客
04-11 1553
java.net.SocketTimeoutException: timeout
hadoop yarn 实战错误汇总
abc9169的博客
09-04 308
1.hadoop yarn 运行wordcount时执行完成,但是返回错误 错误信息如下: 15/09/05 03:48:02 INFO mapreduce.Job: Job job_1441395011668_0001 failed with state FAILED due to: Application application_1441395011668_0001 fail...
java hadoop 超时_hadoop中的一次集群任务执行超时问题查找过程
weixin_39946429的博客
02-27 745
问题背景本次进行一个项目的重构,在某些活动数据量比较大的情况下,会偶尔出现1200s超时的情况,如下:AttemptID:attempt_1410771599055_11709_m_000033_0 Timed out after 1200 secs而hadoop会不断启动备份任务进行重试,重试也许成功,但失败的概率还是比较大:经过分析,hadoop的任务都有个超时时间,使用下面的参数设置,表示1...
理解 Linux backlog/somaxconn 内核参数
weixin_43010385的博客
05-14 2767
引言 之前负载均衡超时问题这篇博文中提到一个可能原因是: 后端服务器 Socket accept 队列满,系统的 somaxconn 内核参数默认太小。 下面我们我深入学习理解下 somaxconn 内核参数相关内容。 TCP SYN_REVD, ESTABELLISHED 状态对应的队列 TCP 建立连接时要经过 3 次握手,在客户端向服务器发起连接时, 对于服务器而言,一个完整的连接建立过程,服务器会经历 2 种 TCP 状态:SYN_REVD, ESTABELLISHED。 对应也会维护两个队列:
Hadoop YARN配置优化工具使用指南
### Hadoop YARN优化配置项生成工具知识点 在大数据处理和存储领域,Hadoop生态系统一直占据着核心地位。作为Hadoop的一个重要组成部分,YARN(Yet Another Resource Negotiator)负责集群资源管理和作业调度。随着...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值