Linux. Orphaned connections in CLOSE_WAIT state ( a lot of connections are in CLOSE_WAIT state )

Usually dealing with web servers we have a lot of connections in CLOSE_WAIT state. These connections hold web server threads and also consume our nofile, nproc resources described in /etc/security/limits.conf.

To prevent such situation we need to adjust some kernel variables:

• net.ipv4.tcp_keepalive_time - the interval between the last data packet sent (simple ACKs are not considered data) and the first keepalive probe; after the connection is marked to need keepalive, this counter is not used any further.
• net.ipv4.tcp_keepalive_intvl - the interval between subsequential keepalive probes, regardless of what the connection has exchanged in the meantime.
• net.ipv4.tcp_keepalive_probes - the number of unacknowledged probes to send before considering the connection dead and notifying the application layer.

The first two parameters are expressed in seconds, and the last is the pure number. This means that the keepalive routines wait for two hours (7200 secs, default value) before sending the first keepalive probe, and then resend it every 75 seconds. If no ACK response is received for 9 consecutive times, the connection is marked as broken.

You can modify and persistently save your own setting using sysctl command and file /etc/sysctl.conf like this:

sysctl -w net.ipv4.tcp_keepalive_time=120 >> /etc/sysctl.conf
sysctl -w net.ipv4.tcp_keepalive_probes=3 >> /etc/sysctl.conf 
sysctl -w net.ipv4.tcp_keepalive_intvl=20 >> /etc/sysctl.conf